Overview
On Site
Up to $150
Contract - Independent
Contract - W2
Contract - 12 Month(s)
No Travel Required
Skills
Splunk
UBA
Splunk UBA
Splunk UBA Engineer
User Behavior Analytics
Splunk User Behavior Analytics
SOC
data ingestion
normalization
threat model tuning
UBA cluster
Active Directory
VPN
firewalls
proxy
endpoint
threat detection
UBA detections
Splunk Enterprise Security
security engineering
security analytics
AD
EDR
lateral movement
privilege escalation
insider threats
attack vectors
SOAR integrations
MITRE ATT&CK
threat detection frameworks
Python
PowerShell
API
Behavioral Modeling
Dashboard
Firewall
Incident Management
Machine Learning (ML)
Log Analysis
Security Clearance
Scripting
Virtual Private Network
Windows PowerShell
Threat Modeling
System On A Chip
Predictive Analytics
Analytical Skill
Elasticsearch
Proxies
Job Details
Splunk UBA Engineer
St Doral, FL (Onsite)
Contract role
Note:
- Must have a Security Clearance.
Description:
We are seeking an experienced and analytical Splunk UBA Engineer to implement, optimize, and maintain our User Behavior Analytics (UBA) platform. In this role, you will use behavioral modeling and machine learning capabilities in Splunk UBA to identify insider threats, compromised accounts, data exfiltration, and other advanced attack techniques. You will work closely with SOC analysts, engineers, and data owners to turn user activity data into actionable intelligence and risk-based threat detections.
Key Responsibilities
- Deploy, configure, and maintain the Splunk UBA platform, including data ingestion, normalization, and threat model tuning.
- Deploy the UBA cluster and design its build.
- Ingest and map logs from various sources (e.g., Active Directory, VPN, firewalls, proxy, endpoint, etc.) into UBA.
- Develop and refine behavioral baselines and anomaly detection models to identify suspicious or malicious activity.
- Tune and customize threat models to align with organizational risks and reduce false positives.
- Collaborate with the SOC and threat detection teams to operationalize UBA detections through risk scoring, notable events, and incident response workflows.
- Build and maintain dashboards, entity timelines, and investigative tools within UBA to support threat hunting and investigations.
- Integrate UBA output with Splunk Enterprise Security (ES) or SOAR platforms for automated response and triage.
- Continuously evaluate new data sources, use cases, and detection strategies to enhance UBA capabilities.
- Document procedures, configurations, and threat model customizations.
Required Qualifications:
- 2-4 years of experience in security engineering, threat detection, or security analytics.
- Hands-on experience with Splunk UBA and a strong understanding of behavior-based threat detection.
- Proficiency in log analysis and understanding of common data sources (AD, EDR, firewalls, VPN, etc.).
- Knowledge of machine learning basics, anomaly detection, and risk-based scoring concepts.
- Strong grasp of attack vectors such as lateral movement, privilege escalation, and insider threats.
- Ability to write clear documentation and communicate findings effectively.
Preferred Qualifications:
- Experience with Splunk Enterprise Security (ES) and/or SOAR integrations.
- Familiarity with MITRE ATT&CK and threat detection frameworks.
- Background in scripting (Python, PowerShell) and API-based data integrations.
- Splunk certifications, such as Splunk Core Certified Power User or Splunk UBA Certified Admin.
- Experience with learning-based anomaly detection and predictive analytics.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.