Cyber Security Engineer - Splunk Focused

Cybersecurity Engineer – Splunk Focus (Contract)

This position is mostly remote; there may be the need to go onsite (DC Metro) occasionally.

Clearance Requirement: Public Trust or ability to obtain (US citizen)

Position Overview:

We are seeking a motivated and detail-oriented Cybersecurity Engineer with a specialized focus on Splunk technologies to support a large government agency. This position is part of a broader cybersecurity program encompassing multiple task areas, including Security Architecture and Engineering, Security Assessments, Incident Response, Cybersecurity Mission Enablement, and Enterprise Fraud Risk Management.

The selected candidate will play a pivotal role in developing, enhancing, and maintaining Splunk dashboards, queries, and reports, while also supporting the integration and operationalization of Splunk Enterprise User Behavior Analytics (EUBA) and Splunk SOAR (Security Orchestration, Automation, and Response). The role requires strong technical skills, an analytical mindset, and the ability to work collaboratively within a fast-paced, cross-functional cybersecurity team.

Key Responsibilities:

• Design, develop, and maintain Splunk dashboards, reports, and data visualizations to support operational, executive, and compliance reporting requirements across the Security Fusion Center.
• Manage and support the onboarding of log sources into Splunk, ensuring proper data normalization, parsing, and indexing in alignment with use cases and compliance needs.
• Assist in the configuration, implementation, and optimization of Splunk EUBA and SOAR capabilities, including behavior analytics and development of automated incident response playbooks.
• Collaborate with security analysts, threat hunters, and engineers to enhance threat detection, alert tuning, and incident response workflows.
• Support architectural improvements and integration efforts for Splunk and related cybersecurity platforms.
• Contribute to documentation and compliance tracking activities using ServiceNow GRC, including generation of artifacts and evidence for audits and assessments.
• Participate in team meetings and contribute to strategic initiatives across task areas, including knowledge sharing and best practices for Splunk and security engineering.
• Provide ad hoc support to other cybersecurity efforts such as Security Architecture, Security Assessments, or Fraud Risk Management initiatives, as needed.

Required Skills and Experience:

• Minimum of 3 years of hands-on experience as a Splunk Engineer in a cybersecurity or security operations context.
• Proven ability to create and manage Splunk dashboards, SPL queries, and alerts, including integration and troubleshooting of log sources.
• Experience with Splunk EUBA and/or Splunk SOAR, with working knowledge of behavior analytics and automated workflows.
• Familiarity with common cybersecurity processes and tools, including threat detection, alert triage, and incident response.
• Strong collaboration and communication skills, with the ability to work effectively across multiple teams and with government stakeholders.
• Experience or comfort working with compliance frameworks and tools, including ServiceNow GRC or similar platforms.

Preferred Qualifications:

• One or more Splunk certifications, such as Splunk Power User, Splunk Certified Admin, or Splunk Architect.
• Prior experience supporting federal cybersecurity programs
• Knowledge of cybersecurity frameworks such as MITRE ATT&CK, NIST SP 800-53, or other federal risk and compliance standards.
• Ability and willingness to support adjacent task areas including Security Architecture, Assessment Services, and Enterprise Fraud Risk Management, as business needs evolve.