Sr Splunk Engineer Security Clearance

Position: Sr Splunk Engineer with Security Clearance
Senior Splunk Engineer (UBA & SOAR Focus)
Cybersecurity Operations
Miami, FL - Full-Time Onsite (100% In-Office)
IMMEDIATE START - Approximately 12 weeks duration
This position requires full-time onsite presence in Miami, FL for the duration of the project. No remote or hybrid options available. About Our Client
Our client is a federal contractor supporting critical national security operations. They provide advanced technology solutions and cybersecurity services to government agencies, ensuring the protection of sensitive data and infrastructure. With decades of experience in the defense and intelligence sectors, they maintain the highest standards of security, compliance, and operational excellence while supporting missions that protect national interests.

Job Description
URGENT NEED - IMMEDIATE START AVAILABLE
We're seeking an expert Senior Splunk Engineer with deep specialization in User Behavior Analytics (UBA) and Security Orchestration, Automation and Response (SOAR) for an immediate, high-priority federal project in Miami. This is a short-term, intensive engagement with approximately 12 weeks remaining to complete critical scope.
This is a hands-on technical role requiring someone who can hit the ground running with minimal ramp-up time. You'll be working onsite full-time in Miami, focusing on advanced Splunk implementations including UBA operations, SOAR playbook development, data optimization, and performance troubleshooting. The fast-paced nature of this project requires someone with proven experience who can work independently and deliver results quickly.
Your day-to-day will involve data normalization using CIM/ES, resolving indexing and latency issues, onboarding data from Kafka and other pipelines, optimizing data transport, and developing SOAR playbooks and integrations. This position requires an active Top Secret (TS) security clearance and the ability to work full-time onsite at a secure facility in Miami.
The ideal candidate has extensive hands-on Splunk experience with particular expertise in UBA and SOAR platforms, thrives under pressure, and can deliver high-quality technical solutions within compressed time frames. You must be comfortable working in secure government environments and possess the security clearance required for immediate access.
You'll work directly with the cybersecurity operations team and report to the Security Engineering leadership while supporting critical national security missions. Duties and Responsibilities
• Implement and optimize Splunk User Behavior Analytics (UBA) operations including data onboarding and tuning.
• Develop, configure, and maintain SOAR playbooks and integrations for automated security response workflows.
• Perform data normalization using Common Information Model (CIM) and Splunk Enterprise Security (ES) standards.
• Optimize data ingestion and indexing performance to ensure system efficiency and scalability.
• Troubleshoot and resolve latency issues and indexing contention across Splunk infrastructure.
• Onboard data from Kafka and other data pipelines ensuring proper formatting and integration.
• Conduct data quality remediation to ensure accuracy, completeness, and reliability of security data.
• Optimize data transport mechanisms to improve performance and reduce resource utilization.
• Configure and tune UBA threat detection models and anomaly detection algorithms.
• Integrate SOAR platform with security tools, ticketing systems, and other enterprise applications.
• Document configurations, playbooks, and operational procedures for knowledge transfer.
• Collaborate with security analysts and operations teams to refine automation and detection capabilities. Required Experience/Skills
• 5+ years of hands-on Splunk Enterprise experience with deep technical expertise across the platform.
• Expert-level experience with Splunk User Behavior Analytics (UBA) - this is critical and non-negotiable.
• Expert-level experience with Splunk SOAR (Phantom) including playbook development and integrations - this is critical and non-negotiable.
• Advanced proficiency in data normalization using Splunk Common Information Model (CIM) and…