Information security Sr. Splunk analyst
International Software Systems, Inc. - Rockville, MD
Job Description
We are seeking an Information Security Sr. Splunk Analyst who will be a key member of a consulting team providing advice, support, and reporting to federal agencies in the Incident Response and Risk Management areas of information security.

This role will be primarily responsible for, but not limited to, conducting incident handling tasks during the phases of Computer Security Incident Response (CSIR), and for engineering, implementing, and optimizing Splunk capabilities that support enterprise-wide cybersecurity monitoring, detection, automation, and incident response. The incumbent must be able to design custom dashboards based on defined requirements, support incident response and root cause analysis, and develop automation and integrations with Data Loss Prevention (DLP), ServiceNow events, and other enterprise systems. This role directly contributes to the agency's cybersecurity mission, ensuring visibility, resilience, and rapid response to threats.

Key Responsibilities
- Monitor and analyze security events and alerts from multiple sources, including Security Information & Event Management (SIEM) software, network- and host-based intrusion detection systems, firewall logs, system logs (Windows, Linux, and Unix), and databases
- Design, develop, and maintain custom Splunk dashboards aligned with SOC and stakeholder requirements
- Design and implement automation workflows, integrating Splunk with ServiceNow for incident management and response
- Support and employ approved defense-in-depth principles and practices (e.g., defense in multiple places, layered defenses, security robustness)
- Develop and optimize SPL queries, correlation searches, and detection use cases within Splunk Enterprise Security (ES)
- Support incident response activities, including log analysis, event correlation, and forensic investigation
- Separate true threats from false positives using network and log analysis, and escalate possible intrusions and attacks
- Conduct root cause analysis (RCA) and produce technical reports and after-action documentation
- Develop integrations using APIs, scripting (Python/PowerShell), and webhooks across security and IT systems
- Ensure compliance with federal cybersecurity frameworks such as NIST SP 800-53, NIST SP 800-61, and the CISA Continuous Diagnostics and Mitigation (CDM) program
- Optimize Splunk performance, data ingestion, and system scalability
- Provide technical leadership and mentorship to SOC analysts and junior engineers
- Work within a team of diverse individuals and cross-functional teams to solve unique and complex problems with broad impact for client services and the business
- Provide clear, daily updates to management on security incidents; investigate, document, and report on forensic investigations
- Provide daily updates to management concerning assigned or ongoing security projects

Basic Qualifications
- Excellent teamwork and interpersonal skills
- Experience with intrusion detection/prevention systems and SIEM software
- Ability to analyze event logs and recognize signs of cyber intrusions/attacks
- Ability to handle high-pressure situations in a productive and professional manner
- Strong written and verbal communication skills and the ability to present complex technical topics in clear, easy-to-understand language
- Experience with security frameworks (e.g., MITRE ATT&CK, Cyber Kill Chain)
- Experience in network/host vulnerability analysis, intrusion analysis, digital forensics, or related areas
- Familiarity with, but not limited to: Vulnerability Management (VM), the Assessment and Authorization (A&A) process, and the Risk Management Framework (RMF)
- 2+ years of hands-on SOC/TOC/NOC experience
- GCIA, GCIH, GCFE, CISSP, Security+, Network+, CEH, RHCA, RHCE, MCSA, MCP, or MCSE preferred
- Understanding of programming/scripting languages and ability to run database queries
- Minimum bachelor's degree in Information Security or Computer Science, or 8 years' related experience
- Ability to work at the client's site in Rockville, MD, with limited telework/remote work options

Strong knowledge of the following:
- Security Information & Event Management (SIEM)
- Secure Sockets Layer (SSL) / Transport Layer Security (TLS) decryption
- Foreign travel threats and vectors
- Malware detection and Endpoint Detection and Response (EDR)
- Packet analysis with network monitoring tools, and a deep understanding of network protocols and devices
- macOS, Windows, and Unix/Linux systems
- Email security
- Data Loss Prevention (DLP)
- Anti-virus: Microsoft Defender for Endpoint (MDE), Microsoft Defender Antivirus (MDAV)
Created: 2026-05-09