Senior Splunk Engineer & Cyber Defense Analyst

SPECIAL AEROSPACE SECURITY SERVICES INC
Redstone Arsenal, United States of America
27 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Redstone Arsenal, United States of America

Tech stack

Amazon Web Services (AWS)
Azure
Bash
Cloud Computing
Cluster Analysis
Computer Security
Intrusion Detection and Prevention
Python
Powershell
Red Hat Enterprise Linux - RHEL
Security Information and Event Management
Mitre Att&ck
Indexer
Cybercrime
Cyber Warfare
Splunk
Data Pipelines

Job description

We are seeking an experienced Senior Splunk Engineer & Cyber Defense Analyst to lead SIEM engineering, detection content development, and proactive hunt operations for a major DoD program in Huntsville. This hybrid role combines deep Splunk engineering expertise with hands-on cyber threat hunting across classified environments.

You will own the performance, scale, and security of a multi-terabyte/day Splunk Enterprise ecosystem while driving hypothesis-based hunts and guiding analysts across the SOC. This position reports to both the SOC Manager and the Program ISSM.

Core Responsibilities

Splunk Platform Engineering (50%)

  • Architect, deploy, and sustain clustered Splunk Enterprise 9.x+ environments (SHC, Indexer Clustering, Cluster Master) on RHEL 8/9
  • Engineer data ingestion pipelines
  • Develop dashboards (Dashboard Studio), SPL searches, macros, and Python-based commands

Threat Hunting & Detection Engineering (40%)

  • Perform security monitoring procedures to identify, analyze and respond to cybersecurity events and incidents
  • Conduct proactive hunts based on MITRE ATT&CK across endpoint, network, and cloud telemetry
  • Lead Risk-Based Alerting (RBA) and TI Framework development within Splunk ES
  • Build and tune detections using SPL or Sigma
  • Perform deep-dive incident investigations and support JFHQ-DODIN reporting

Leadership & Mentorship (10%)

  • Serve as the technical escalation point for the SOC
  • Mentor Tier 4-8 analysts in SPL, detection engineering, and adversary TTPs

Requirements

  • Active DoD TS/SCI (U.S. Citizenship required)
  • 8+ years in Cyber/IT, including:
      • 5+ years Splunk Administration
      • 3+ years operational threat hunting
  • Expert-level Splunk ES, CIM, btool, and search optimization experience
  • Meets DoDM 8140.03 qualification for DCWF 511 or 531 (Intermediate+)
  • Qualifying certifications: GCIA, GCIH, GCFA, GCDA, GNFA, or CySA+
  • Security+ CE (or equivalent IAT II/III baseline requirement)
  • Strong Python (Splunk SDK), Bash, and/or PowerShell scripting

Highly Desired Skills

  • Experience with Cribl Stream/Edge
  • Advanced Splunk certifications (Architect, Consultant)
  • Cloud telemetry integration experience (AWS GovCloud or Azure Gov IL5/IL6)