
Splunk Security Engineer at G2IT

G2IT · Suitland, United States of America · Onsite


Splunk Security Engineer

About the Role

As a Splunk Security Engineer with G2IT, you will play a critical role in strengthening cybersecurity operations through advanced automation, integrations, and data analysis. You’ll be responsible for building and maintaining Splunk SOAR playbooks, configuring Splunk Enterprise Security, and integrating with a wide range of DoD systems and security tools. This position is ideal for someone with deep Splunk expertise, strong problem-solving skills, and a passion for enabling mission-focused cybersecurity operations.

Key Responsibilities

  • Develop, maintain, and execute automated SOAR playbooks across multiple systems and devices.
  • Analyze log events, correlate data, and enhance threat detection and incident response workflows.
  • Design and manage integrations between Splunk SOAR and DoD security platforms (e.g., Trellix ePO, Tanium, Cisco, Palo Alto, Active Directory, Tenable.SC/Nessus, VMware, ServiceNow, Azure, AWS, NetApp, Windows/Linux).
  • Configure and administer Splunk Enterprise Security (ES), ensuring CIM compliance, Risk-Based Alerting (RBA), ticketing, and SIEM integrations.
  • Apply and validate Enterprise Security Content Updates (ESCU).
  • Lead the automation lifecycle: concept, deployment, documentation, and tuning.
  • Build dashboards, reports, and response tools for security teams.
  • Ensure compliance, operational readiness, and proactive detection across cloud, endpoint, network, and email infrastructures.
  • Apply patches and upgrades to Splunk SOAR and its connectors.
  • Maintain and expand development/test environments (Windows/Linux) for playbook validation.
  • Fully test and document playbook execution, presenting solutions to stakeholders.

Required Qualifications

  • Active DoD TS/SCI clearance.
  • Bachelor’s degree with 8+ years of relevant experience, or Master’s with 6+ years (additional experience/certifications may substitute).
  • Current IAT Level II certification (e.g., Security+ CE) or ability to obtain within 30 days.
  • 5+ years of Splunk SOAR/Phantom experience (playbook development, troubleshooting, integrations).
  • Expertise in Splunk Administration, security event analysis, and Python automation.
  • Strong knowledge of cross-platform integrations and security tool APIs.
  • Proven success in process improvement within dynamic security environments.

Preferred Qualifications

  • IAT Level III certification (e.g., CISSP).
  • Splunk Certified Enterprise Security Administrator.
  • Proficiency with DoD security/operational tools (Active Directory, DNS, firewalls, email, ACAS, Trellix/Tanium, Splunk, STIGs, Windows/Linux).
  • Strong technical writing skills for SOPs and documentation.
  • Completion of Splunk SOAR training courses.
  • Familiarity with MITRE ATT&CK and SOC triage workflows.

