G2IT LLC
Splunk Security Engineer
About the Role
As a Splunk Security Engineer with G2IT, you will play a critical role in strengthening cybersecurity operations through advanced automation, integrations, and data analysis. You'll be responsible for building and maintaining Splunk SOAR playbooks, configuring Splunk Enterprise Security, and integrating with a wide range of DoD systems and security tools. This position is ideal for someone with deep Splunk expertise, strong problem-solving skills, and a passion for enabling mission-focused cybersecurity operations.
Key Responsibilities
- Develop, maintain, and execute automated SOAR playbooks across multiple systems and devices.
- Analyze log events, correlate data, and enhance threat detection and incident response workflows.
- Design and manage integrations between Splunk SOAR and DoD security platforms (e.g., Trellix ePO, Tanium, Cisco, Palo Alto, Active Directory, Tenable.SC/Nessus, VMware, ServiceNow, Azure, AWS, NetApp, Windows/Linux).
- Configure and administer Splunk Enterprise Security (ES), ensuring CIM compliance, Risk-Based Alerting (RBA), ticketing, and SIEM integrations.
- Apply and validate Enterprise Security Content Updates (ESCU).
- Lead the automation lifecycle: concept, deployment, documentation, and tuning.
- Build dashboards, reports, and response tools for security teams.
- Ensure compliance, operational readiness, and proactive detection across cloud, endpoint, network, and email infrastructures.
- Apply patches and upgrades to Splunk SOAR and its connectors.
- Maintain and expand development/test environments (Windows/Linux) for playbook validation.
- Fully test and document playbook execution, presenting solutions to stakeholders.
Required Qualifications
- Active DoD TS/SCI clearance.
- Bachelor's degree with 8+ years of relevant experience, or Master's with 6+ years (additional experience/certifications may substitute).
- Current IAT Level II certification (e.g., Security+ CE) or ability to obtain within 30 days.
- 5+ years of Splunk SOAR/Phantom experience (playbook development, troubleshooting, integrations).
- Expertise in Splunk Administration, security event analysis, and Python automation.
- Strong knowledge of cross-platform integrations and security tool APIs.
- Proven success in process improvement within dynamic security environments.
Preferred Qualifications
- IAT Level III certification (e.g., CISSP).
- Splunk Certified Enterprise Security Administrator.
- Proficiency with DoD security/operational tools (Active Directory, DNS, firewalls, email, ACAS, Trellix/Tanium, Splunk, STIGs, Windows/Linux).
- Strong technical writing skills for SOPs and documentation.
- Completion of Splunk SOAR training courses.
- Familiarity with MITRE ATT&CK and SOC triage workflows.