Senior Splunk Engineer

Green Cloud Consulting, LLC is seeking a Senior Splunk Engineer to join our team of qualified and diverse individuals. The qualified individual will be supporting our Department of Defense customer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or national origin.

The selected candidate will lead Splunk platform operations, manage two Splunk Administrators, and drive the deployment, optimization, and sustainment of Splunk Enterprise, Splunk User Behavior Analytics (UBA), Splunk Security Orchestration, Automation, and Response (SOAR), and related monitoring and reporting capabilities.

This role requires practical experience operating in secure, compliance-driven environments, strong leadership capabilities, and a proactive approach to system reliability, threat detection, and operational excellence.

Key Responsibilities

Splunk Platform Management

  • Install, configure, maintain, and troubleshoot Splunk Enterprise, UBA, and SOAR across on-premises and cloud/hybrid architectures.
  • Perform system upgrades, patching, and performance tuning to ensure platform stability and scalability.
  • Coordinate with infrastructure and cloud teams to support deployment and sustainment activities.
  • Oracle Cloud Infrastructure (OCI) experience is strongly preferred.

UBA & SOAR Optimization

  • Customize and fine-tune UBA behavioral analytics models to enhance threat detection.
  • Design, configure, and maintain SOAR playbooks, integrations, and automated response workflows.
  • Optimize automated actions to accelerate incident response and reduce mean time to resolution (MTTR).

Team Leadership & Mentorship

  • Supervise, mentor, and provide technical leadership to junior Splunk Administrators.
  • Delegate tasks, review deliverables, and support professional development aligned with mission objectives.
  • Foster a collaborative, high-performance team environment within a matrixed organization.

Security & Compliance

  • Implement and maintain Splunk configurations in compliance with defense agency security policies and data retention requirements.
  • Apply STIGs and ensure continuous compliance with applicable cybersecurity controls.
  • Support audits, inspections, and security reviews as required.

Incident Response & Operations

  • Respond to cybersecurity and operational incidents using logs, dashboards, and analytical reporting.
  • Proactively identify and remediate log ingestion, parsing, or analytics anomalies.
  • Support preventative monitoring and continuous improvement of detection capabilities.

Collaboration & Agile Delivery

  • Participate in Agile development processes, including stand-ups, sprint planning, and retrospectives.
  • Use Jira for ticketing, backlog management, and documentation.
  • Collaborate across IT, cybersecurity, and mission teams to meet program and agency objectives.

Documentation & Knowledge Management

  • Develop and maintain technical documentation, SOPs, runbooks, and knowledge base articles.
  • Share best practices and technical guidance across small, medium, and large cross-functional teams.

Log Management & Analytics

  • Aggregate, parse, and normalize logs from diverse enterprise and defense data sources.
  • Develop and maintain dashboards, alerts, reports, and custom searches to provide actionable intelligence.
  • Ensure alignment with Splunk Common Information Model (CIM) standards.

Qualifications

Education & Experience

  • Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
  • 6 years of hands-on Splunk experience to support cybersecurity and IT operations within a dynamic, mission-critical defense agency environment.
  • Experience supporting enterprise and cloud deployments (OCI experience strongly preferred).
  • Experience working in classified federal or DoD environments is a plus.
  • Proven experience designing, tuning, and optimizing Splunk searches, dashboards, alerts, and data models.
  • Experience integrating log sources common to defense and enterprise environments, including:
      • Windows and Linux systems
      • Network devices
      • Security appliances

  • Experience supporting Agile workflows and Jira-based project management.

Technical Skills

  • Strong knowledge of Windows Server and/or Linux administration.
  • Experience with Active Directory, LDAP, MFA integrations, and RBAC.
  • Familiarity with PowerShell or other scripting languages for automation.
  • Experience with SIEM tools (Splunk, QRadar, etc.) and log analysis.
  • In-depth knowledge of DoD security policies, STIGs, SRGs, and RMF processes.
  • Advanced expertise with Splunk Enterprise, UBA, SOAR, and related Splunk modules.
  • Strong scripting skills (e.g., Python, Bash) for automation and data manipulation.

Certifications & Competencies

  • Splunk Certified Administrator (or higher)
  • Active DoD 8140-approved certification for privileged access (e.g., Security+, CISSP, or equivalent).
  • Demonstrated ability to lead a small technical team while coordinating with peer managers in a matrixed environment.
  • Strong analytical, troubleshooting, and problem-solving skills with attention to detail.
  • Excellent written and verbal communication skills with a customer-first mindset.
  • Proven ability to brief senior and executive leadership in both Federal and commercial environments (preferred).
  • Proactive, continuous learner who stays current on Splunk, cybersecurity, and security operations best practices.
  • Secret Security Clearance

Benefits:

  • Health Insurance
  • 401K
  • Paid Leave

Job Type: Full-time

Pay: $135,000.00 - $145,000.00 per year

Benefits:

  • 401(k)
  • 401(k) matching
  • Dental insurance
  • Health insurance
  • Paid time off
  • Vision insurance

Security clearance:

  • Secret (Preferred)

Work Location: Remote
