Senior Splunk Engineer

Cherokee Federal LLC, through its division Criterion, is a distinguished federal contracting company owned by Cherokee Nation Businesses, dedicated to providing exceptional services to over 60 federal government clients. Known for its commitment to building a brighter future and solving complex governmental challenges, Cherokee Federal embodies compassion and dedication in its mission to support government operations. As a military-friendly employer, Cherokee Federal actively encourages veterans and active military personnel transitioning to civilian status to apply, upholding a commitment to diversity and inclusion in federal contracting. The organization prides itself on fostering an environment where technical expertise meets mission-driven service, enabling impactful contributions to national security and public sector advancement.

We are currently seeking a Senior Splunk Engineer to join our dynamic team to architect, build, and manage Splunk Enterprise and Splunk Enterprise Security (ES) platforms across hybrid environments, with a significant focus on Amazon Web Services (AWS). This full-time position requires an active Public Trust clearance and mandates that candidates be U.S. citizens or legal permanent residents, in compliance with contractual government requirements. The role entails comprehensive ownership of the Splunk platform, including data ingestion, Common Information Model (CIM) mapping, ES content development, search optimization, dashboard performance enhancement, Security Orchestration, Automation, and Response (SOAR) automation, and ServiceNow Incident Response (IR) integrations.

The Senior Splunk Engineer will play a pivotal role in driving detection, response, and reporting outcomes that align with stringent federal information security frameworks such as FISMA/NIST Risk Management Framework (RMF), FedRAMP, and the Cybersecurity Maturity Model Certification (CMMC). Responsibilities include implementing robust governance structures, role-based access control (RBAC), change control processes, and maintaining audit-ready evidence to meet federal compliance standards. This position demands close collaboration with Security Operations Center (SOC), Incident Response (IR), cloud infrastructure, and platform engineering teams to deliver measurable improvements in risk reduction and operational efficiency.

Candidates will be expected to design, deploy, and maintain scalable Splunk architectures, employing indexers, search heads including Search Head Clusters (SHC), cluster masters, deployment servers, forwarders, and KV stores across both on-premises and AWS cloud platforms. Expertise in engineering adaptable data onboarding pipelines and tuning ES correlation searches, risk-based alerting, and adaptive response actions mapped to the MITRE ATT&CK framework is essential. The role also involves developing dashboards and workflows to minimize false positives, enhance analyst productivity, and maintain data normalization using CIM standards.

Furthermore, the Senior Splunk Engineer will lead the creation and integration of SOAR playbooks, automate ES notable events, and manage seamless ServiceNow IR workflow integrations to facilitate incident creation and management. Strong AWS knowledge is critical, with a focus on services such as GuardDuty, CloudTrail, Security Hub, VPC Flow Logs, IAM, EC2, and S3. The role includes integrating endpoint detection and response (EDR) solutions and identity platforms to automate containment and remote response capabilities.

Additional responsibilities include leading Splunk deployments in AWS environments to ensure scalability, multi-account and multi-region ingestion, and automation leveraging AWS Boto3 and native services. The candidate will standardize Python modules, SDK usage, Continuous Integration/Continuous Deployment (CI/CD) practices for application packaging, and version control. Maintaining compliance with federal controls and continuous monitoring frameworks through audit-ready logging and configuration baselines is required. The position also calls for mentoring junior engineers and analysts in SPL, ES content development, CIM implementation, and SOAR playbook design.

The Senior Splunk Engineer will champion security best practices such as secrets management, the principle of least privilege, and safe-response guardrails in all platform and automation enhancements. The role offers an excellent opportunity to contribute to national security through innovative security analytics, automation, and incident response at scale within a respected federal contractor environment. Compensation is competitive and commensurate with experience, accompanied by comprehensive full-time benefits, including medical, dental, vision, and retirement plans.