Splunk SIEM Engineer

Resource Management Concepts, Inc.
Crane, IN
Hybrid

About The Position

Resource Management Concepts, Inc. (RMC) is seeking a skilled Splunk SIEM Engineer to lead the evolution of their Splunk environment into a fully operational, enterprise-grade Security Information and Event Management (SIEM) platform. This role will be responsible for both the build-out and ongoing operations of the platform, ensuring it delivers reliable, actionable security insights and supports evolving cybersecurity initiatives. This is a hybrid position that requires regular onsite presence in Crane, Indiana.

Requirements

  • A SecurityX, CASP, or equivalent DoD 8140 IAT-3 certification is required.
  • An interim DoD Secret security clearance or higher is required to start.
  • Hands-on experience with Splunk Enterprise and Splunk Enterprise Security (ES)
  • Strong understanding of SIEM architecture, design, and operations
  • Experience with log ingestion, parsing, normalization, and CIM mapping
  • Proficiency in developing correlation searches, alerts, and dashboards
  • Experience tuning SIEM content to reduce false positives and improve detection accuracy
  • Familiarity with data onboarding strategies and license optimization
  • Knowledge of cybersecurity principles, threat detection, and incident response
  • Experience with system administration tasks including patching, upgrades, and performance monitoring

Nice To Haves

  • Experience operating Splunk in distributed or multi-tenant environments
  • Knowledge of data pipelines and log forwarding technologies (e.g., syslog, APIs, forwarders)
  • Familiarity with frameworks such as MITRE ATT&CK
  • Experience supporting Zero Trust or advanced security architectures
  • Preferred certifications (e.g., Splunk Certified Admin, Splunk ES Certified, Security+)
  • Required certification CompTIA SecurityX (CASP)

Responsibilities

  • Lead the transformation of the Splunk environment into a fully functional SIEM platform
  • Manage and optimize the data ingestion pipeline, including auditing existing data sources, eliminating unnecessary data ingestion, onboarding new data sources, and parsing, normalizing, and mapping ingested data to the Splunk Common Information Model (CIM)
  • Configure, maintain, and optimize Splunk Enterprise Security (ES)
  • Configure, maintain, and optimize Splunk security orchestration, automation, and response platform (SOAR)
  • Develop and maintain correlation searches, detections, and use cases
  • Create and tune alerts to improve fidelity and reduce false positives
  • Build dashboards and visualizations for operational awareness and trend analysis
  • Monitor overall platform health and performance
  • Perform system upgrades, patching, and capacity planning
  • Manage intra-Splunk certificates
  • Manage the lifecycle of security content, including refining detections and correlation rules, and enhancing visibility and detection coverage based on emerging threats
  • Ensure consistent SIEM operations regardless of hosting environment or infrastructure ownership
  • Support ongoing security operations and future cybersecurity initiatives

Benefits

  • Tuition assistance
  • Competitive paid vacation package
  • 11 paid federal holidays
  • High-quality, low-deductible healthcare plans
  • Pet insurance
  • Competitive 401K package

What This Job Offers

Job Type

Full-time

Career Level

Senior

Education Level

No Education Listed

Number of Employees

251-500 employees
