
Senior Splunk Engineer

Arlington, VA, USA | Remote, Travel, Onsite

Job Overview


Employment Type

Full-time

Compensation

Salary Range $122,600.00 - $168,000.00

Work Schedule

Standard Hours

Benefits

Medical
Dental
Vision
401k
Paid Time Off
Flexible spending account
Life insurance

Job Description

Cherokee Federal LLC, through its division Criterion, is a distinguished federal contracting company owned by Cherokee Nation Businesses, dedicated to providing exceptional services to over 60 federal government clients. Known for its commitment to building a brighter future and solving complex governmental challenges, Cherokee Federal embodies compassion and dedication in its mission to support government operations. As a military-friendly employer, Cherokee Federal actively encourages veterans and active military personnel transitioning to civilian status to apply, upholding a commitment to diversity and inclusion in federal contracting. The organization prides itself on fostering an environment where technical expertise meets mission-driven service, enabling...

Job Requirements

  • Must have active Public Trust clearance
  • Must be U.S. citizen or legal permanent resident
  • Must provide documentation of citizenship or residency
  • 7+ years in relevant security engineering fields
  • 4+ years of Splunk production experience
  • 3+ years hands-on with Splunk SOAR
  • Strong AWS skills
  • Proven ServiceNow IR integration experience
  • Proficiency in SPL, Python, Boto3, SDKs, REST APIs, and version control
  • Ability to align with federal cybersecurity frameworks
  • Must pass pre-employment qualifications of Cherokee Federal

Job Qualifications

  • 7+ years in security engineering, SOC/IR, or platform engineering
  • 4+ years designing and operating Splunk Enterprise and Splunk ES in production
  • 3+ years hands-on experience with Splunk SOAR and automation of ES notable events
  • Strong AWS experience including GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, and VPC Flow Logs
  • Proven experience integrating ServiceNow Incident Response
  • Proficiency with SPL, Python, AWS Boto3, Splunk/Phantom SDKs, REST APIs, and Git-based version control
  • Deep knowledge of CIM, data model accelerations, index and retention strategies, and search performance tuning
  • Strong understanding of MITRE ATT&CK, CVE/CVSS, CISA KEV, and risk-based detection and automation
  • Experience aligning operations with FISMA/NIST RMF, FedRAMP, and CMMC standards including audit support
  • Preferred certifications include Splunk Core Certified Power User, Admin, Architect, ES Admin, AWS certifications, Security+, CySA+, CISSP, GCDA/GCSA
  • Preferred experience with Splunk Search Head Clusters, Deployment Server/Deployer, KV store management, ES content at scale, AWS Organizations, and ServiceNow IR customization and change management

Job Duties

  • Design, deploy, and maintain Splunk Enterprise and associated components across on-premises and AWS
  • Engineer scalable data onboarding pipelines and indexing mechanisms
  • Enforce RBAC, data retention, index strategies, and governance aligned with federal compliance
  • Optimize search performance, data models, and ES notable event throughput
  • Develop and tune ES correlation searches, risk-based alerting, and adaptive response mapped to MITRE ATT&CK
  • Build dashboards and workflows to reduce false positives and enhance analyst efficiency
  • Maintain CIM-compliant data models and lead normalization efforts
  • Measure and report detection and response efficacy metrics
  • Engineer Splunk SOAR playbooks and automate ES notable events with ServiceNow IR workflow integration
  • Build AWS-focused detection and response capabilities including GuardDuty, CloudTrail, Security Hub, VPC Flow Logs, and IAM
  • Integrate EDR and identity platforms for host containment and IOC blocking
  • Lead AWS Splunk deployments including multi-account, multi-region ingestion and automation
  • Standardize Python modules, SDK usage, and CI/CD practices
  • Map controls to federal cybersecurity standards and maintain audit-ready evidence
  • Drive POA&M updates, control validations, and monitoring dashboards
  • Promote secrets management and least privilege principles
  • Translate SOC/IR runbooks into reproducible detections and automations
  • Mentor junior engineers and analysts
  • Collaborate with stakeholders to prioritize use cases and deliver measurable outcomes
  • Perform other duties as assigned

Job Qualifications

Experience

Expert Level (7+ years)
