G2IT

Splunk Security Engineer

G2IT, Suitland, Maryland, United States, 20746


Overview

As a Splunk Security Engineer with G2IT, you will strengthen cybersecurity operations through automation, integrations, and data analysis. You will build and maintain Splunk SOAR playbooks, configure Splunk Enterprise Security, and integrate with a wide range of DoD systems and security tools. This role requires deep Splunk expertise, strong problem-solving skills, and a passion for mission-focused cybersecurity operations.

Key Responsibilities

- Develop, maintain, and execute automated SOAR playbooks across multiple systems and devices.
- Analyze log events, correlate data, and enhance threat detection and incident response workflows.
- Design and manage integrations between Splunk SOAR and DoD security platforms (e.g., Trellix ePO, Tanium, Cisco, Palo Alto, Active Directory, Tenable.SC/Nessus, VMware, ServiceNow, Azure, AWS, NetApp, Windows/Linux).
- Configure and administer Splunk Enterprise Security (ES), ensuring CIM compliance, Risk-Based Alerting (RBA), ticketing, and SIEM integrations.
- Apply and validate Enterprise Security Content Updates (ESCU).
- Lead the automation lifecycle: concept, deployment, documentation, and tuning.
- Build dashboards, reports, and response tools for security teams.
- Ensure compliance, operational readiness, and proactive detection across cloud, endpoint, network, and email infrastructures.
- Apply patches and upgrades to Splunk SOAR and its connectors.
- Maintain and expand development/test environments (Windows/Linux) for playbook validation.
- Fully test and document playbook execution, presenting solutions to stakeholders.

Required Qualifications

- Active DoD TS/SCI clearance.
- Bachelor's degree with 8+ years of relevant experience, or Master's with 6+ years (additional experience/certifications may substitute).
- Current IAT Level II certification (e.g., Security+ CE) or ability to obtain within 30 days.
- 5+ years of Splunk SOAR/Phantom experience (playbook development, troubleshooting, integrations).
- Expertise in Splunk administration, security event analysis, and Python automation.
- Strong knowledge of cross-platform integrations and security tool APIs.
- Proven success in process improvement within dynamic security environments.

Preferred Qualifications

- Splunk Certified Enterprise Security Administrator.
- Proficiency with DoD security/operational tools (Active Directory, DNS, firewalls, email, ACAS, Trellix/Tanium, Splunk, STIGs, Windows/Linux).
- Strong technical writing skills for SOPs and documentation.
- Completion of Splunk SOAR training courses.
- Familiarity with MITRE ATT&CK and SOC triage workflows.

Annual salary range is commensurate with experience.

Equal Opportunity Employer: G2IT provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. All qualified applicants will receive consideration for employment without regard to any protected characteristic. Voluntary self-identification of disability and veteran status information is requested in accordance with applicable laws and is kept confidential.
