Remote Senior Cybersecurity Engineer (Splunk/SIEM Specialist)


Description:

  • The Senior Cybersecurity Engineer (Splunk/SIEM Specialist) will oversee the day-to-day operations of the SIEM within the organization.
  • They will design, deploy, and configure cutting-edge SIEM solutions (e.g. Splunk, Microsoft/Azure Sentinel, IBM QRadar) to meet evolving security needs.
  • The role involves optimizing SIEM processes to ensure efficient log collection and to apply event management best practices.
  • Supporting security analysts in enabling threat identification, event detection, and information management is a key responsibility.
  • The engineer will plan, implement, and manage the full data lifecycle for Splunk infrastructure.
  • Managing correlation rules, filters, alerts, report generation, security content development, health checks, and performance tuning is an essential part of the role.
  • Security assessments, audits, and ensuring regulatory compliance will be part of the job.
  • Utilizing networking concepts, system administration, security fundamentals, and access controls for SIEM deployment and optimization is required.
  • Implementing effective logging mechanisms and data collection methodologies to support SIEM operations is crucial.
  • The engineer will work with the SIEM team to fine-tune components, analyze complex issues, and provide innovative solutions in the SIEM environment.
  • Coordination with SOC monitoring/detection/analysis teams and incident response teams is necessary.
  • Providing mentorship and direction to junior team members is also a responsibility.

Requirements:

  • High School + 16 years of relevant experience, or AA/AS + 14 years of relevant experience, or BA/BS + 12 years of relevant experience, or MA/MS + 10 years of relevant experience.
  • Experience managing and optimizing Splunk architecture components like search heads, indexers, heavy forwarders, universal forwarders, and clusters.
  • Ability to develop regular expressions (regex) for data parsing and field extractions using props.conf and transforms.conf.
  • Ability to design and implement large-scale data ingestion pipelines via APIs, syslog, and universal forwarders.
  • Ability to troubleshoot and tune Splunk deployments for performance and stability, leveraging deep Linux systems knowledge.
  • Experience building advanced data models and pivot interfaces for complex data analysis.
  • Ability to develop and optimize SIEM content and processes, including managing correlation rules, filters, alerts, and report generation.
  • Proficiency in scripting languages (e.g., Python, PowerShell) and automating tasks in a SIEM ecosystem.
  • Strong understanding of networking and operating system administration fundamentals.
  • One or more certifications required: Splunk Cloud Certified Admin, Splunk Enterprise Certified Admin, Splunk Enterprise Certified Architect, Splunk Enterprise Certified Consultant.
  • U.S. Citizenship required.
  • Ability to achieve Public Trust or higher.

Benefits:

  • Comprehensive medical insurance including dental and vision.
  • Short-Term & Long-Term Disability.
  • 401k Retirement Savings Plan with Company Match.
  • Tuition and Professional Development Assistance.
  • Flex Spending Accounts (FSA).