Senior Splunk Engineer
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Senior Splunk Engineer managing and architecting Splunk Enterprise and Enterprise Security in hybrid environments with a focus on AWS. Driving compliance and operational efficiency through governance and RBAC.
Responsibilities:
- Design, deploy, and maintain Splunk Enterprise, indexers, search heads (including SHC), cluster master/CM, deployment server/Deployer, forwarders, and KV stores across on‑prem and AWS.
- Engineer scalable data onboarding pipelines, parsing, and indexing with props/transforms, HEC, UF/HF, and S3/SQS/SNS-based ingestion.
- Enforce RBAC, data retention, index strategy, knowledge object governance, and change control aligned to federal compliance.
- Optimize search performance, data model accelerations, KV store usage, and ES notable event throughput and latency.
- Develop and tune ES correlation searches, risk-based alerting (RBA), and adaptive response actions mapped to MITRE ATT&CK.
- Build dashboards, investigations, and notable event workflows that reduce false positives and drive analyst efficiency.
- Maintain CIM-compliant data models; lead normalization and data quality initiatives across cloud, endpoint, identity, and network sources.
- Measure and report detection and response efficacy (MTTR, precision/recall, RBA risk scores, SLA adherence).
- Engineer Splunk SOAR (Phantom) playbooks and apps with secure, scalable configurations to triage, enrich, and contain threats.
- Integrate ES notables with automated triage and ServiceNow IR for incident creation, enrichment, SLA tracking, approvals, and evidence attachments.
- Build AWS-focused detection and response: GuardDuty, CloudTrail, Security Hub, VPC Flow Logs, IAM, EC2, S3; implement safe actions (e.g., EC2 isolation, S3 access updates, EBS snapshots, IAM key rotation/MFA enforcement, Security Hub updates) with human-in-the-loop approvals and rollback.
- Integrate EDR and identity platforms for host containment, IOC blocking, and remote response via APIs.
- Lead Splunk deployments in AWS including scalability, multi-account/multi-region ingestion, and cross-account automation via Boto3 and native services.
- Standardize reusable Python modules, SDK usage, and CI/CD practices for app/deployment packaging and version control.
- Map controls to FISMA/NIST RMF, FedRAMP, and CMMC; maintain audit-ready evidence through logging, approval trails, and configuration baselines.
- Drive POA&M updates, control validations, and continuous monitoring dashboards.
- Champion secrets management, least privilege, and safe-response guardrails in all platform and automation changes.
- Translate SOC/IR runbooks (phishing, malware, IAM abuse, EC2 compromise) into reliable detections and automations.
- Mentor junior engineers and analysts on SPL, ES content development, CIM, and SOAR playbooks.
- Partner with stakeholders to prioritize use cases and deliver quantifiable outcomes.
- Other duties as assigned.
Requirements:
- 7+ years in security engineering, SOC/IR, or platform engineering, including 4+ years designing and operating Splunk Enterprise and Splunk ES in production.
- 3+ years hands-on with Splunk SOAR (Phantom) and automation of ES notables and ServiceNow IR workflows.
- Strong AWS experience: GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, VPC Flow Logs; cross-account and multi-region preferred.
- Proven ServiceNow Incident Response integration experience.
- Proficiency in SPL, Python, AWS Boto3, Splunk/Phantom SDKs, REST APIs, and Git-based version control.
- Deep knowledge of CIM, data model accelerations, index/retention strategy, and search performance tuning.
- Strong grasp of MITRE ATT&CK, CVE/CVSS, CISA KEV, and risk-based detection and automation.
- Experience aligning operations with FISMA/NIST RMF, FedRAMP, and CMMC; evidence generation and audit support.
- Preferred: Splunk certifications (Core Certified Power User/Admin/Architect, ES Admin), AWS certifications, Security+, CySA+, CISSP, GCDA/GCSA.
- Preferred: Experience with Splunk SHC, DS/Deployer, KVstore management, ES content management at scale, AWS Organizations, and ServiceNow IR customization/change management integrations.
- Must pass pre-employment qualifications of Cherokee Federal.
Benefits:
- Medical
- Dental
- Vision
- 401K
- Other possible benefits. Benefits may change with or without notice.
Report this job
Job expired or something wrong with this job?
Similar Jobs
Senior Engineer, Supplier Quality
Sr Engineer Supplier Quality leading supplier quality oversight for a global supply base at Medline. Driving corrective actions and supplier development to enhance quality, reliability, and compliance.
Utility Engineer III
Utility Engineer III at CHA Consulting, Inc. designing and analyzing overhead transmission projects to strengthen the energy infrastructure and enhance grid reliability.
Lead R&D Engineer – MV
Lead R&D Engineer responsible for designing medium voltage power distribution products. Oversee engineering team and align designs with project requirements for a leading manufacturer in North America.
Astrodynamics Engineer
Astrodynamics Engineer developing algorithms and providing orbit support for LeoLabs mission-critical challenges in space. Collaborating with a multidisciplinary team to improve operational efficiency.
Supplier Development Engineer
Supplier Development Engineer at Hitachi Energy improving supplier quality and delivery. Identifying and assessing suppliers, leading audits and development initiatives.
Data Engineer II
Data Engineer responsible for data pipeline development and maintenance at Energisa. Integrating data from multiple sources and ensuring data quality and governance practices.
Senior Data Protection Engineer
Senior Data Protection Engineer leading the implementation of enterprise data protection solutions at Redesign Group. Collaborating with customer IT teams in complex infrastructure environments.
Site Safety Engineer
Site Safety Engineer ensuring safety compliance at construction sites for Gray Construction. Involved in safety meetings, training, and maintaining safety records for various projects.
Mobile Fabric Engineer
Mobile Engineer responsible for maintenance and repair across multiple UK locations. Requires expertise in building systems, plumbing, and customer service skills.
Electrical Commissioning Engineer – Data Centers
Electrical Commissioning Engineer supporting Data Center/Mission Critical projects with a focus on QA/QC and commissioning. Requires experience in electrical engineering and ability to travel 50% of the time.
Voice Engineer
Voice Engineer implementing product solutions for Broadvoice's AI-powered contact center and communications. Collaborating with customers on system requirements and ensuring smooth transitions to VoIP networks.
Customer SIEM Engineer
Customer SIEM Engineer facilitating onboarding and technical success for Gravwell customers. Collaborating with client security teams to design systems and develop detection logic.
Microservices Engineer
Microservices Engineer providing technical leadership across various teams for a major VA initiative. Responsible for architecture guidance and overseeing high-performance engineering efforts.
Senior Scalability Engineer – Observability
Senior Scalability Engineer at Judi Health focused on observability platform development and engineering productivity. Defining and building organization-wide observability strategy, tooling, and platform products.
Controls Engineer
Controls Engineer designing control systems including programming and commissioning for electrical engineering projects. Remote position with travel requirements and focus on power systems integration.
Sustaining Engineer
Current Product Engineer maintaining and enhancing product quality and reliability at Proofpoint. Involves debugging, customer support, and feedback to development teams.
Traveling Project Engineer – Concrete Division
Project Engineer providing operational support for the Concrete Team at NexGen. Responsible for assisting across various stages of the project lifecycle with an emphasis on teamwork and professional development.
ZScaler Certified Engineer
ZScaler Senior Consultant capturing client needs and executing projects. Building technical skills while ensuring cybersecurity for enterprise organizations with True Zero.
Global Client Environments Engineer
Global Client Environments Engineer managing ERP product support for clients in a remote capacity. Overseeing technical projects and client onboarding for ERP solutions.
FBS Power Automate, Copilot Engineer
AI & Automation Developer supporting design and deployment of AI-driven solutions with Microsoft Copilot Studio. Collaboration with architects to build intelligent agents and integrate AI capabilities across platforms.