
Senior Splunk Engineer & Cyber Defense Analyst

Job

Special Aerospace Security Services, Inc

Remote

Full-Time

Posted 2 weeks ago (Updated 6 days ago) • Actively hiring

Expires 6/10/2026


Job Description

Job Title: Senior Splunk Engineer / Cyber Defense Analyst
Location: Huntsville, AL (Redstone Arsenal Area) - 100% Onsite
Clearance: Active TS/SCI Eligible, SECRET required
Employment Type: Full-Time

Position Summary

We are seeking an experienced Senior Splunk Engineer & Cyber Defense Analyst to lead SIEM engineering, detection content development, and proactive hunt operations for a major DoD program in Huntsville. This hybrid role combines deep Splunk engineering expertise with hands-on cyber threat hunting across classified environments. You will own the performance, scale, and security of a multi-terabyte/day Splunk Enterprise ecosystem while driving hypothesis-based hunts and guiding analysts across the SOC. This position reports to both the SOC Manager and the Program ISSM.

Core Responsibilities

Splunk Platform Engineering (≈50%)
- Architect, deploy, and sustain clustered Splunk Enterprise 9.x+ environments (SHC, Indexer Clustering, Cluster Master) on RHEL 8/9
- Engineer data ingestion pipelines
- Develop dashboards (Dashboard Studio), SPL searches, macros, and Python-based commands

Threat Hunting & Detection Engineering (≈40%)
- Perform security monitoring procedures to identify, analyze, and respond to cybersecurity events and incidents
- Conduct proactive hunts based on MITRE ATT&CK across endpoint, network, and cloud telemetry
- Lead Risk-Based Alerting (RBA) and TI Framework development within Splunk ES
- Build and tune detections using SPL or Sigma
- Perform deep-dive incident investigations and support JFHQ-DODIN reporting

Leadership & Mentorship (≈10%)
- Serve as the technical escalation point for the SOC
- Mentor Tier 4-8 analysts in SPL, detection engineering, and adversary TTPs

Required Qualifications
- Active DoD TS/SCI (U.S. Citizenship required)
- 8+ years in Cyber/IT, including:
  - 5+ years Splunk Administration
  - 3+ years operational threat hunting
- Expert-level Splunk ES, CIM, btool, and search optimization experience
- Meets DoDM 8140.03 qualification for DCWF 511 or 531 (Intermediate+)
- Qualifying certifications: GCIA, GCIH, GCFA, GCDA, GNFA, or CySA+
- Security+ CE (or equivalent IAT II/III baseline requirement)
- Strong Python (Splunk SDK), Bash, and/or PowerShell scripting

Highly Desired Skills
- Experience with Cribl Stream/Edge
- Advanced Splunk certifications (Architect, Consultant)
- Cloud telemetry integration experience (AWS GovCloud or Azure Gov IL5/IL6)
