
SOAR Engineer

Job in Alexandria, Fairfax County, Virginia, 22350, USA
Listing for: Cherokee Federal
Full Time position
Listed on 2026-03-02
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly
Job Description & How to Apply Below

Senior Splunk Engineer

This position requires an active Public Trust clearance to be considered.

A government contract requires that this position be restricted to U.S. citizens or legal permanent residents. You must provide documentation that you are a U.S. citizen or legal permanent resident to qualify.

We are seeking a Senior Splunk Engineer to architect, build, and operate Splunk Enterprise and Enterprise Security (ES) across hybrid environments with a strong emphasis on AWS. You will own the Splunk platform end to end: ingest, CIM mapping, ES content, search and dashboard performance, SOAR automations, and ServiceNow IR integrations. You will drive detection, response, and reporting outcomes that meet FISMA/NIST RMF, FedRAMP, and CMMC requirements.

You will implement robust governance, RBAC, change control, and audit‑ready evidence. You will partner with SOC, IR, cloud, and platform teams to deliver measurable risk reduction and operational efficiency.

Compensation & Benefits

Estimated starting salary range:
Pay commensurate with experience.

Full‑time benefits include Medical, Dental, Vision, 401K, and other possible benefits. Benefits may change with or without notice.

Senior Splunk Engineer Responsibilities Include
  • Design, deploy, and maintain Splunk Enterprise, indexers, search heads (including SHC), cluster master/CM, deployment server/Deployer, forwarders, and KV stores across on‑prem and AWS.

  • Engineer scalable data onboarding pipelines, parsing, and indexing with props/transforms, HEC, UF/HF, and S3/SQS/SNS‑based ingestion.

  • Enforce RBAC, data retention, index strategy, knowledge object governance, and change control aligned to federal compliance.

  • Optimize search performance, data model accelerations, KV store usage, and ES notable event throughput and latency.

  • Develop and tune ES correlation searches, risk‑based alerting (RBA), and adaptive response actions mapped to MITRE ATT&CK.

  • Build dashboards, investigations, and notable event workflows that reduce false positives and drive analyst efficiency.

  • Maintain CIM‑compliant data models; lead normalization and data quality initiatives across cloud, endpoint, identity, and network sources.

  • Measure and report detection and response efficacy (MTTR, precision/recall, RBA risk scores, SLA adherence).

  • Engineer Splunk SOAR (Phantom) playbooks and apps with secure, scalable configurations to triage, enrich, and contain threats.

  • Integrate ES notables with automated triage and ServiceNow IR for incident creation, enrichment, SLA tracking, approvals, and evidence attachments.

  • Build AWS‑focused detection and response: GuardDuty, CloudTrail, Security Hub, VPC Flow Logs, IAM, EC2, S3; implement safe actions (e.g., EC2 isolation, S3 access updates, EBS snapshots, IAM key rotation/MFA enforcement, Security Hub updates) with human‑in‑the‑loop approvals and rollback.

  • Integrate EDR and identity platforms for host containment, IOC blocking, and remote response via APIs.

  • Lead Splunk deployments in AWS including scalability, multi‑account/multi‑region ingestion, and cross‑account automation via Boto3 and native services.

  • Standardize reusable Python modules, SDK usage, and CI/CD practices for app/deployment packaging and version control.

  • Map controls to FISMA/NIST RMF, FedRAMP, and CMMC; maintain audit‑ready evidence through logging, approval trails, and configuration baselines.

  • Drive POA&M updates, control validations, and continuous monitoring dashboards.

  • Champion secrets management, least privilege, and safe‑response guardrails in all platform and automation changes.

  • Translate SOC/IR runbooks (phishing, malware, IAM abuse, EC2 compromise) into reliable detections and automations.

  • Mentor junior engineers and analysts on SPL, ES content development, CIM, and SOAR playbooks.

  • Partner with stakeholders to prioritize use cases and deliver quantifiable outcomes.

  • Other duties as assigned.

Experience, Education, Skills, Abilities
  • 7+ years in security engineering, SOC/IR, or platform engineering, including 4+ years designing and operating Splunk Enterprise and Splunk ES in production.

  • 3+ years hands‑on with Splunk SOAR (Phantom) and automation of ES notables and ServiceNow IR workflows.

  • St…
