Splunk Security Engineer

As a Splunk Security Engineer with G2IT, you will play a critical role in strengthening cybersecurity operations through advanced automation, integrations, and data analysis.

Requirements

• Develop, maintain, and execute automated SOAR playbooks across multiple systems and devices.
• Analyze log events, correlate data, and enhance threat detection and incident response workflows.
• Design and manage integrations between Splunk SOAR and DoD security platforms (e.g., Trellix ePO, Tanium, Cisco, Palo Alto, Active Directory, Tenable.SC/Nessus, VMware, ServiceNow, Azure, AWS, NetApp, Windows/Linux).
• Configure and administer Splunk Enterprise Security (ES), ensuring CIM compliance, Risk-Based Alerting (RBA), ticketing, and SIEM integrations.
• Apply and validate Enterprise Security Content Updates (ESCU).
• Lead the automation lifecycle: concept, deployment, documentation, and tuning.
• Build dashboards, reports, and response tools for security teams.
• Ensure compliance, operational readiness, and proactive detection across cloud, endpoint, network, and email infrastructures.
• Apply patches and upgrades to Splunk SOAR and its connectors.
• Maintain and expand development/test environments (Windows/Linux) for playbook validation.
• Fully test and document playbook execution, presenting solutions to stakeholders.