Splunk User Entity Behavior Analytics Engineer
Job description
Position Overview: ACI Solutions is seeking a Senior Splunk UEBA Engineer to support enterprise-level logging, monitoring, and cybersecurity operations within a U.S. Government / FedRAMP-compliant environment. This role is responsible for administering, optimizing, and securing infrastructure while supporting mission-critical systems and SOC operations.

Baseline Establishment and Anomaly Detection:
- Configure UEBA to establish user and entity activity baselines.
- Monitor, detect, and prioritize unusual behavior patterns using automated threat scoring techniques.
Requirements
- Ability to obtain and maintain a Public Trust or higher clearance
- Active clearance preferred

The ideal candidate brings deep Splunk expertise, hands-on experience in federal environments, and the ability to operate within the Splunk UEBA platform. The tasks shall include deployment assistance, system integration, configuration, monitoring, and continuous improvement, as outlined in the objectives section. These activities will help meet regulatory requirements, strengthen threat detection, and improve response times for security incidents.

- 10+ years of overall IT experience (systems, cloud, or cybersecurity engineering)
- 3-5+ years of hands-on Splunk UEBA experience
- Proven experience supporting U.S. Government or FedRAMP environments
- Strong expertise in:
  - Splunk SPL (Search Processing Language)
  - Log ingestion, parsing, and normalization
  - Cloud platforms (AWS, Azure, or Google Cloud Platform)
Experience with:
- SIEM operations and SOC support
- Identity federation (SAML/SSO)
- RBAC and security best practices
Preferred Qualifications:
- Splunk certifications (e.g., Splunk Enterprise Certified Architect, Splunk Cloud Certified)
- Experience supporting federal agencies
- Familiarity with compliance frameworks (FedRAMP, NIST 800-53)
- Experience working within the Splunk Cloud shared responsibility model
- Knowledge of DevOps / Infrastructure as Code practices