Splunk Security Engineer with Security Clearance

Description Are you interested in learning new technologies and creating new IT security capabilities? Do you want to be empowered to take ownership and have a stake in the overall security and assessment of the IT infrastructure? If so, we re looking for someone like you to join our team at APL! We are seeking a Splunk Security Engineer to be part of APL s Classified IT Services team. We provide technical expertise to meet compliance and security objectives in environments that require Audit & Logging Tool Administration & Operations, Auditing & Incident Identification, and Incident Response Coordination. Our collaborative workplace promotes learning, growth, and fosters team spirit! The Splunk Security Engineer will be a valued member of a team responsible for the overall engineering, operations, and maintenance of a Splunk environment spanning five classified security enclaves. The environments consist of forwarders, indexers, search heads, centralized log servers, and varying data ingests. You will coordinate operational responsibilities to include security and performance. You ll support the full system engineering life-cycle of the environment, including requirements analysis, design/architecting, integration, testing, documentation, implementation, and documentation. As a Splunk Engineer, you will... * Participate in the development of security-focused content for our Splunk implementations across five classified DoD networks. Coordinate with the security operations team and customers across the APL to build threat detection logic and dynamic operational dashboards. Assist with architecting log management and data ingest solutions to ensure they are scalable and efficient. Work with customers to onboard data sources and fully configure the security information and event management (SIEM) or security event management (SEM) to meet enterprise security and governance requirements. Assist with leading technical discussion with stakeholders and help manage client expectations, develop sophisticated reporting, and perform requirements management for stakeholders. Analyze and make recommendations for Risk Management Framework (RMF) compliance requirements. * Operate and maintain the Splunk operational architecture, to include the management of centralized log servers and reporting systems. Leverage expertise in governance, security technologies, information security, and networking to interact with clients and senior management regarding the current and future state of the Splunk architecture. Lead production support, management of the system hardware, and configuration of the underlying operating systems to meet scalability requirements while maintaining performance and stability. Leverage automation techniques and develop scripts to manipulate data repositories to support data and threat analysis. Develop documentation supporting management procedures and implementations guides for Splunk based solutions. * Leverage programming skills (e.g., CSS, HTML, JavaScript, Python, shell scripting) to automate security tools management. Build customized applications within Splunk such as searches, audit scripting, and visualization. Implement and manage Splunk add-ons to maximize capabilities, such as machine learning and advanced threat detection. Expertly leverage the Splunk Machine Learning Toolkit (MLTK) and the Splunk Search Processing Language (SPL) to develop network or entity-based anomaly detection alerting. * Assist with the Assessment and Authorization (A&A) of the Splunk environment. Perform risk assessments and Security Test & Evaluations (ST&E) of Splunk components and equipment under the IAVM and vulnerability management program. Review systems to identify potential security weaknesses, recommend improvements, and implement changes. Work with the Vulnerability Management team to remediate findings from Assured Compliance Assessment Solution (ACAS)/Nessus and Host-Based Security Solution (HBSS) scans, and other automated and manual assessment tools such as DoD Security Technical Implementation Guides (STIGs). Submit change requests for system components, develop a Plan of Action and Milestones (POA&M), and create documentation in support of RMF accreditations. * Perform log auditing and log management. Work closely with the operations team to monitor systems and environments for security incidents and general security operations. Track and help implement responses and actions to address operational and communication orders from governing organizations. Provide expert analysis of records to prevent or detect anomalies, or possible adverse events. Identify data accessed, destination and source addresses, timestamp, user login information, and specific sequence of activities in order to formulate courses of action and/or responses. Qualifications You will meet the minimum requirements if you have... * A BS degree in Computer Science, Management Information Systems, Computer Information Systems, Information Assurance, or comparable field or equivalent years of professional relevant* 2+ years of Security Engineering experience working with DoD IT enclaves, systems, and solutions* 2+ years experience with application and OS enterprise logging, managing Splunk and SIEM systems, creating rule sets and threat detection logic in Splunk* Ability to demonstrate Splunk Machine Learning Toolkit (MLTK), Splunk Search Processing Language (SPL) expertise and Regular Expression Language* Experience with using scripting languages such as CSS, HTML, JavaScript, Python, and shell scripting to automate tasks and manipulate data* Hold an active Secret security clearance with the ability to obtain a Top Secret clearance. If selected, you will be subject to a government security investigation and must meet the requirements for access to classified information. Eligibility requirements include U.S. citizenship.* Current industry certification aligned to DoD Manual 8570, 01-M for IAT II* Splunk Administrator or Architect Certification* Are able to work Occasional weekends and other after-hours to handle and/or complete critical project/work-related business needs.* Can demonstrate that you are fully vaccinated against COVID-19. To ensure the safety and well-being of the community, APL has established a policy requiring that all staff be vaccinated against COVID-19. All staff members must provide proof of full vaccination or have an approved medical or religious accommodation by their start date.You will go above and beyond our minimum requirements if you have... * Intermediate expertise with Red Hat Enterprise Linux (RHEL)* 1+ years of experience leveraging Splunk or audit logs for incident response and user behavior analytics* Experience with programming a plus* Experience with security tool data, including Network & Host Firewall, Tenable, Tanium, Forescout* Strong communication and presentation skillsWhy work at APL? The Johns Hopkins University Applied Physics Laboratory (APL) brings world-class expertise to our nations most critical defense, security, space and science challenges. While we are dedicated to solving complex challenges and pioneering new technologies, what makes us truly outstanding is our culture. We offer a vibrant, welcoming atmosphere where you can bring your authentic self to work, continue to grow, and build strong connections with inspiring teammates. At APL, we celebrate our differences and encourage creativity and bold, new ideas. Our employees enjoy generous benefits, including a robust education assistance program, unparalleled retirement contributions, and a healthy work/life balance. APLs campus is located in the Baltimore-Washington metro area. Learn more about our career opportunities at CJ LI-KW1 About Us APL is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, creed, color, religion, sex, gender identity or expression, sexual orientation, national origin, age, physical or mental disability, genetic information, veteran status, occupation, marital or familial status, political opinion, personal appearance, or any other characteristic protected by applicable law. APL is committed to promoting an innovative environment that embraces diversity, encourages creativity, and supports inclusion of new ideas. In doing so, we are committed to providing reasonable accommodation to individuals of all abilities, including those with disabilities. If you require a reasonable accommodation to participate in any part of the hiring process, please contact . Only by ensuring that everyone''s voice is heard are we empowered to be bold, do great things, and make the world a better place.

Created: 2025-11-15