Splunk User Entity Behavior Analytics Engineer

Aci Solutions
yesterday

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Remote

Tech stack

Amazon Web Services (AWS)
Azure
Cloud Computing
DevOps
Federated Identity Management
Parsing
Role-Based Access Control
Security Assertion Markup Language (SAML)
Security Information and Event Management
Systems Integration
Data Logging
Google Cloud Platform
Data Ingestion
Information Technology
Splunk

Job description

Position Overview: ACI Solutions is seeking a Senior Splunk UEBA Engineer to support enterprise-level logging, monitoring, and cybersecurity operations within a U.S. Government / FedRAMP-compliant environment. This role is responsible for administering, optimizing, and securing infrastructure while supporting mission-critical systems and SOC operations.

Baseline Establishment and Anomaly Detection:

  • Configure UEBA to establish user and entity activity baselines.
  • Monitor, detect, and prioritize unusual behavior patterns using automated threat scoring techniques.

Requirements

  • Ability to obtain and maintain a Public Trust or higher clearance
  • Active clearance preferred

The ideal candidate brings deep Splunk expertise, hands-on experience in federal environments, and the ability to operate within the Splunk UEBA platform. The tasks shall include deployment assistance, system integration, configuration, monitoring, and continuous improvement, as outlined in the objectives section. These activities will help meet regulatory requirements, strengthen threat detection, and improve response times for security incidents.

  • 10+ years of overall IT experience (systems, cloud, or cybersecurity engineering)

  • 3-5+ years of hands-on Splunk UEBA experience
  • Proven experience supporting U.S. Government or FedRAMP environments
  • Strong expertise in:
    • Splunk SPL (Search Processing Language)
    • Log ingestion, parsing, and normalization
    • Cloud platforms (AWS, Azure, or Google Cloud Platform)

Experience with:

  • SIEM operations and SOC support
  • Identity federation (SAML/SSO)
  • RBAC and security best practices

Preferred Qualifications:

  • Splunk certifications (e.g., Splunk Enterprise Certified Architect, Splunk Cloud Certified)
  • Experience supporting federal agencies
  • Familiarity with compliance frameworks (FedRAMP, NIST 800-53)
  • Experience working within the Splunk Cloud shared responsibility model
  • Knowledge of DevOps / Infrastructure as Code practices

About the company

At ACI, you're more than just a team member; you're part of a mission-driven organization that supports critical government initiatives. We provide
