Hybrid Position: Sr. Splunk analyst in Rockville, MD

We are seeking an information security Sr. Splunk analyst who will be a key member of a consulting team providing advice, support and reporting to federal agencies, in the Incident Response & Risk Management areas of Information Security.

This role will be primarily responsible for but not limited to conducting incident handling tasks during different phases of Computer Security Incident Response (CSIR), engineering, implementing, and optimizing Splunk capabilities that support enterprise-wide cybersecurity monitoring, detection, automation and incident response.

The incumbent must be able to design custom dashboards based on defined requirements, support incident response and root cause analysis, and develop automation and integrations with Data Loss Prevention (DLP), ServiceNow events and other enterprise systems. This role directly contributes to the agency’s cybersecurity mission, ensuring visibility, resilience, and rapid response to threats.

Key Responsibilities

• Monitor and analyze security events and alerts from multiple sources, including security information and event management Security Information & Event Management (SIEM) software, network and host-based intrusion detection systems, firewall logs, and system logs (Windows, Linux, and Unix), and databases
• Design, develop, and maintain custom Splunk dashboards aligned with SOC and stakeholder requirements

·         Design and implement automation workflows, integrating Splunk with ServiceNow for incident management and response

• Support and employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).

·         Develop and optimize SPL queries, correlation searches, and detection use cases within Splunk Enterprise Security (ES)

·         Support incident response activities, including log analysis, event correlation, and forensic investigation

• Separate true threats from false positives using network and log analysis and escalate possible intrusions and attacks

·         Conduct root cause analysis (RCA) and produce technical reports and after-action documentation

·         Develop integrations using APIs, scripting (Python/PowerShell), and webhooks across security and IT systems

·         Ensure compliance with federal cybersecurity frameworks such as NIST SP 800-53, NIST 800-61, and CISA CDM

·         Optimize Splunk performance, data ingestion, and system scalability

·         Provide technical leadership and mentorship to SOC analysts and junior engineers

• Work within a team of diverse individuals and cross-functional teams to solve unique and complex problems with broad impact for client services and business.
• Provide clear, daily updates to management on security incidents; Investigate, document, and report on forensic investigations
• Provide daily updates to management concerning assigned or progressive security projects.

Basic Qualifications

• Excellent teamwork and interpersonal skills
• Experience with intrusion detection/prevention systems and SIEM software
• Ability to analyze event logs and recognize signs of cyber intrusions/attacks
• Ability to handle high pressure situations in a productive and professional manner
• Strong written and verbal communication skills and the ability to present complex technical topics in clear and easy-to-understand language
• Experience with security frameworks (i.e., Mitre Attack, Cyber Kill Chain, etc.)
• Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, or related areas
• Familiarity with but not limited to: Vulnerability Management (VM), Assessment and Authorization (A&A) process, Risk Management Framework (RMF)
• 2+ years of hands-on SOC/TOC/NOC experience
• GCIA, GCIH, GCFE, CISSP, Security +, Network +, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred
• Understanding of programming/scripting languages and ability to run database queries
• Minimum bachelor’s degree in information security, Computer Science, or 8 years’ related experience
• Ability to work at the client’s site in Rockville, MD with limited telework/remote work options

Strong knowledge of the following

• Security Information & Event Management (SIEM)
• Secure Sockets Layer (SSL) Decryption / Transport Layer Security (TLS) Decryption
• Experience with Foreign Travel Threats and Vectors.
• Malware Detection, Endpoint Detection and Response (EDR)
• Packet Analysis with Network Monitoring Tools & a deep understanding of network protocols and devices.
• Mac OS, Windows, and Unix/Linux systems
• Email Security
• Data Loss Prevention (DLP)
• Anti-Virus: Microsoft Defender for Endpoint (MDE), Microsoft Defender Antivirus (MDAV)