Senior Splunk Engineer

Cherokee Federal

5001 - 10000 employees

Founded 1969

🏛️ Government

🔐 Security

🏢 Enterprise

Cherokee Federal is a U.S. federal systems integrator and government contractor that empowers mission success for more than 60 U.S. federal agencies. With a global workforce of over 5,000, it delivers advanced technology (cloud, cybersecurity, data & analytics), health services, intelligence analysis and operational support, logistics and sustainment, mission-critical manufacturing, program and engineering technical services, and dynamic contracting solutions to support federal priorities and national security. Cherokee Federal is part of Cherokee Nation Businesses and focuses on mission-focused, U.S.-made solutions.

📋 Description

• Design, build, test, and continuously improve Splunk Enterprise Security detection content.
• Develop and tune correlation searches, notable events, adaptive response actions, dashboards, and investigation workflows.
• Implement and optimize Risk-Based Alerting (RBA) strategies.
• Improve detection quality while reducing false positives and minimizing false negatives.
• Map detections to the MITRE ATT&CK Framework and maintain coverage metrics.
• Partner with Incident Response teams to convert real-world incidents into improved detection content.
• Participate in threat hunting, incident investigations, tabletop exercises, and purple team activities.
• Develop cloud detections leveraging AWS GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, VPC Flow Logs, and related telemetry.
• Maintain Common Information Model (CIM) compliance and improve data normalization.
• Measure detection quality through precision, recall, MTTR, and analyst workload reduction.
• Support future Splunk SOAR (Phantom) automation initiatives.
• Integrate Splunk Enterprise Security with ServiceNow Incident Response and other security technologies.
• Collaborate with Security Operations, Cloud Engineering, Vulnerability Management, and Incident Response teams.
• Perform other job-related duties as assigned.

🎯 Requirements

• Active Public Trust clearance or the ability to obtain one.
• Minimum seven (7) years of cybersecurity experience, including four (4) years in Detection Engineering, Security Operations, Incident Response, or Splunk Enterprise Security.
• Experience building and tuning Splunk Enterprise Security correlation searches.
• Hands-on Risk-Based Alerting (RBA) implementation experience.
• Practical Incident Response experience or close partnership with IR teams.
• Strong understanding of MITRE ATT&CK.
• Experience improving detection fidelity and reducing false positives.
• Strong AWS security knowledge including GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, and VPC Flow Logs.
• Proficiency with SPL, Python, REST APIs, and Git.
• Experience developing Splunk dashboards, reports, and investigations.
• Excellent written and verbal communication skills.
• Preferred:
  - Splunk Enterprise Security certifications
  - Splunk SOAR (Phantom)
  - Detection-as-Code
  - Sigma and YARA
  - CrowdStrike or Microsoft Defender for Endpoint
  - ServiceNow Incident Response
  - Knowledge of FISMA, NIST RMF, FedRAMP, and CMMC
• Must pass pre-employment qualifications of Cherokee Federal.

🏖️ Benefits

• Medical
• Dental
• Vision
• 401(k)
• Other possible benefits as provided.

Benefits are subject to change with or without notice.
