p

Senior Cybersecurity Engineer (Splunk/SIEM Specialist)

phia
Remote
United States
At phia we hire talented and passionate people who are focused on collaborative, meaningful work, providing technical and operational subject matter expertise and support services to our partners and clients.

phia is hiring a Senior Cybersecurity Engineer (Splunk/SIEM Specialist) to support cyber defense operations at a large Federal agency.  In this role, you will be pivotal in enhancing the security of both on-premises and cloud infrastructure, which is the foundation for essential security tools. This position offers full remote flexibility.  Qualified candidates will be U.S. Citizens and located in the United States, able to achieve Public Trust approval. 

What You'll Do

    • Oversee day-to-day operations of the SIEM within the organization.
    • Design, deploy, and configure cutting-edge SIEM solutions (e.g. Splunk, Microsoft/Azure Sentinel, IBM QRadar) to meet evolving security needs.
    • Optimize SIEM processes to ensure efficient and effective log collection and employ event management best practices.
    • Support security analysts in enabling threat identification, event detection, and information management.
    • Plan, implement, and manage full data lifecycle for Splunk infrastructure (data ingestion, compression, indexing, archiving, etc.).
    • Manage correlation rules, filters, alerts, report generation, security content development and delivery, health checks, and performance tuning.
    • Perform security assessments, and audits, and ensure regulatory compliance.
    • Leverage proficiency in networking concepts, system administration, security fundamentals, and access controls for SIEM deployment and optimization
    • Implement effective logging mechanisms and data collection methodologies to support SIEM operations
    • Utilize technical knowledge across multiple domains to configure, maintain, and enhance the SIEM solution
    • Work with the SIEM team to fine-tune components, analyze complex issues, and provide innovative solutions in the SIEM environment.
    • Coordinate with SOC monitoring/detection/analysis teams and incident response teams.
    • Provide mentorship and direction to junior team members.

Required: Education + Experience

    • High School + 16 years of relevant experience, or
    • AA/AS + 14, years of relevant experience, or
    • BA/BS + 12, years of relevant experience, or
    • MA/MS + 10, years of relevant experience 
    • Experience managing and optimizing Splunk architecture components like search heads, indexers, heavy forwarders, universal forwarders, and clusters
    • To understand and configure Splunk indexing processes, including hot/warm/cold buckets and data models
    • Ability to develop regular expressions (regex) for data parsing and field extractions using props.conf and transforms.conf
    • Knowledge to design and implement large-scale data ingestion pipelines via APIs, syslog, and universal forwarders
    • Ability to troubleshoot and tune Splunk deployments for performance and stability, leveraging deep Linux systems knowledge
    • Experience building advanced data models and pivot interfaces for complex data analysis
    • Ability to develop and optimize SIEM content and processes, including managing correlation rules, filters, alerts, and report generation.
    • Proficiency in scripting languages (e.g., Python, PowerShell) and automating tasks in a SIEM ecosystem.
    • Strong understanding of networking and operating system administration fundamentals.

Certifications- One or more required (or similar certifications in SIEM technology):

    • Splunk Cloud Certified Admin
    • Splunk Enterprise Certified Admin
    • Splunk Enterprise Certified Architect
    • Splunk Enterprise Certified Consultant

Security Clearance

    • U.S. Citizenship required
    • Ability to achieve Public Trust or higher

Desired

    • Expertise in integrating diverse threat intelligence feeds for proactive threat detection.
    • Familiarity with emerging security technologies and proactive engagement in the field
    • Broad familiarity with various security tools beyond SIEM technology.
#LI-LC1

Who You Are
 A proactive problem solver that appreciates the challenges of working in a fast-paced, dynamic environment.
Intellectually curious with a genuine desire to learn and advance your career.
An effective communicator, both verbally and in writing.
Customer service-oriented and mission-focused.
Critical thinker with excellent problem-solving skills
 
If your experience and qualifications aren’t a match for this position, you will remain in our database for consideration for future opportunities that may be a better fit.

Who We Are
phia, LLC is a Northern Virginia-based, small business established in 2011 with a focus on Cyber Intelligence, Cyber Security/Defense, Intrusion Analysis & Incident Response, Cyber Architecture & Capability Analysis, Cyber Policy & Strategy, and Information Assurance/Security. we proudly support various agencies and offices within the Department of Defense (DoD), Federal government, and private/commercial entities.
phia values work-life balance and offers the following benefits to full-time employees:
 Comprehensive medical insurance to include dental and vision
Short Term & Long-Term Disability
 401k Retirement Savings Plan with Company Match
Tuition and Professional Development Assistance Flex Spending Accounts (FSA)

phia does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity, or any other reason prohibited by law in the provision of employment opportunities and benefits.

Apply now
Share this job
Twitter Facebook Linkedin Email