Splunk analyst

• Monitor and analyze security events and alerts from multiple sources, including security information and event management Security Information & Event Management (SIEM) software, network and host-based intrusion detection systems, firewall logs, and system logs (Windows, Linux, and Unix), and databases
• Design, develop, and maintain custom Splunk dashboards aligned with SOC and stakeholder requirements
• Design and implement automation workflows, integrating Splunk with ServiceNow for incident management and response
• Support and employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).
• Develop and optimize SPL queries, correlation searches, and detection use cases within Splunk Enterprise Security (ES)
• Support incident response activities, including log analysis, event correlation, and forensic investigation
• Separate true threats from false positives using network and log analysis and escalate possible intrusions and attacks
• Conduct root cause analysis (RCA) and produce technical reports and after-action documentation
• Develop integrations using APIs, scripting (Python/PowerShell), and webhooks across security and IT systems
• Ensure compliance with federal cybersecurity frameworks such as NIST SP 800-53, NIST 800-61, and CISA CDM
• Optimize Splunk performance, data ingestion, and system scalability
• Provide technical leadership and mentorship to SOC analysts and junior engineers
• Work within a team of diverse individuals and cross-functional teams to solve unique and complex problems with broad impact for client services and business.
• Provide clear, daily updates to management on security incidents; Investigate, document, and report on forensic investigations
• Provide daily updates to management concerning assigned or progressive security projects.

• Excellent teamwork and interpersonal skills
• Experience with intrusion detection/prevention systems and SIEM software
• Ability to analyze event logs and recognize signs of cyber intrusions/attacks
• Ability to handle high pressure situations in a productive and professional manner
• Strong written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
• Experience with security frameworks (i.e., Mitre Attack, Cyber Kill Chain, etc.)
• Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, or related areas
• Familiarity with but not limited to: Vulnerability Management (VM), Assessment and Authorization (A&A) process, Risk Management Framework (RMF)
• 2+ years of hands-on SOC/TOC/NOC experience
• GCIA, GCIH, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred
• Understanding of programming/scripting languages and ability to run database queries
• Minimum bachelor's degree in information security, Computer Science, or 8 years' related experience
• Ability to work at the client's site in Rockville, MD with limited telework/remote work options

Strong knowledge of the following

• Security Information & Event Management (SIEM)
• Secure Sockets Layer (SSL) Decryption / Transport Layer Security (TLS) Decryption
• Experience with Foreign Travel Threats and Vectors.
• Malware Detection, Endpoint Detection and Response (EDR)
• Packet Analysis with Network Monitoring Tools & a deep understanding of network protocols and devices.
• Mac OS, Windows, and Unix/Linux systems
• Email Security
• Data Loss Prevention (DLP)
• Anti-Virus: Microsoft Defender for Endpoint (MDE), Microsoft Defender Antivirus (MDAV)