Cherokee Federal

Senior Splunk Engineer

Senior Splunk Detection Engineer at Criterion Systems supporting the NSF Cybersecurity & Privacy Program. Focused on improving SOC effectiveness with high-fidelity detections and incident response collaboration.

Posted 6/30/2026 · Full-time · Remote · United States · Senior · $150,000 - $160,000 per year

Tech Stack

Tools & technologies
AWS, Cloud, Cyber Security, EC2, Python, ServiceNow, Splunk

About the role

Key responsibilities & impact
  • Design, build, test, and continuously improve Splunk Enterprise Security detection content.
  • Develop and tune correlation searches, notable events, adaptive response actions, dashboards, and investigation workflows.
  • Implement and optimize Risk-Based Alerting (RBA) strategies.
  • Improve detection quality while reducing false positives and minimizing false negatives.
  • Map detections to the MITRE ATT&CK Framework and maintain coverage metrics.
  • Partner with Incident Response teams to convert real-world incidents into improved detection content.
  • Participate in threat hunting, incident investigations, tabletop exercises, and purple team activities.
  • Develop cloud detections leveraging AWS GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, VPC Flow Logs, and related telemetry.
  • Maintain Common Information Model (CIM) compliance and improve data normalization.
  • Measure detection quality through precision, recall, MTTR, and analyst workload reduction.
  • Support future Splunk SOAR (Phantom) automation initiatives.
  • Integrate Splunk Enterprise Security with ServiceNow Incident Response and other security technologies.
  • Collaborate with Security Operations, Cloud Engineering, Vulnerability Management, and Incident Response teams.
  • Perform other job-related duties as assigned.
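The responsibilities above name the core loop of the role: correlation rules that add risk to an object (here, a user), ATT&CK mapping with coverage metrics, and precision/recall measurement against known incidents. The following is an added illustration, not code from Cherokee Federal, Criterion Systems or Splunk: a small Python sketch that runs four CloudTrail-style rules over constructed sample events, aggregates risk per user in the Risk-Based Alerting manner, lists the ATT&CK techniques the rule set covers, and computes precision and recall at several notable thresholds. Event field names are simplified (real CloudTrail records MFA use under additionalEventData.MFAUsed), and the rule names, risk weights, thresholds and the set of "known malicious" users are assumptions chosen for the example.

```python
"""Risk-Based Alerting sketch over CloudTrail-style events (added example).

Everything here is constructed for illustration: the events are not real
telemetry, the field names are simplified, and the risk weights, thresholds and
ATT&CK mappings are assumptions, not Splunk ES or project content.
"""
from collections import defaultdict

# Constructed sample events; "user" is the RBA risk object.
SAMPLE_EVENTS = [
    {"user": "alice", "eventName": "ConsoleLogin", "mfa": "No"},
    {"user": "alice", "eventName": "CreateAccessKey"},
    {"user": "alice", "eventName": "AttachUserPolicy",
     "policy": "arn:aws:iam::aws:policy/AdministratorAccess"},
    {"user": "bob", "eventName": "ConsoleLogin", "mfa": "Yes"},
    {"user": "bob", "eventName": "DescribeInstances"},
    {"user": "carol", "eventName": "StopLogging"},          # single loud event
    {"user": "dave", "eventName": "CreateAccessKey"},        # routine key rotation
    {"user": "erin", "eventName": "ConsoleLogin", "mfa": "No"},
    {"user": "erin", "eventName": "CreateAccessKey"},        # benign but noisy
]

# Ground truth for the evaluation (assumed: alice and carol were real incidents).
MALICIOUS_USERS = {"alice", "carol"}

# (rule name, ATT&CK technique, risk points, predicate over one event)
RULES = [
    ("Console login without MFA", "T1078", 20,
     lambda e: e["eventName"] == "ConsoleLogin" and e.get("mfa") == "No"),
    ("IAM access key created", "T1098.001", 30,
     lambda e: e["eventName"] == "CreateAccessKey"),
    ("AdministratorAccess attached to a user", "T1098.003", 50,
     lambda e: e["eventName"] == "AttachUserPolicy"
     and e.get("policy", "").endswith("AdministratorAccess")),
    ("CloudTrail logging stopped", "T1562.008", 60,
     lambda e: e["eventName"] == "StopLogging"),
]


def score_risk(events):
    """Run every rule over every event; sum risk per user and record which
    techniques contributed, the way RBA risk events roll up to a risk object."""
    risk = defaultdict(int)
    techniques = defaultdict(set)
    for e in events:
        for _name, technique, points, match in RULES:
            if match(e):
                risk[e["user"]] += points
                techniques[e["user"]].add(technique)
    return dict(risk), {u: sorted(t) for u, t in techniques.items()}


def risk_notables(events, threshold):
    """Users whose aggregated risk meets the notable threshold."""
    risk, _ = score_risk(events)
    return {u for u, r in risk.items() if r >= threshold}


def evaluate(events, threshold, malicious_users):
    """Precision and recall of the risk notables against labelled users."""
    alerted = risk_notables(events, threshold)
    tp = len(alerted & malicious_users)
    fp = len(alerted - malicious_users)
    fn = len(malicious_users - alerted)
    return {
        "threshold": threshold,
        "alerted": sorted(alerted),
        "precision": tp / (tp + fp) if alerted else 0.0,
        "recall": tp / (tp + fn) if malicious_users else 0.0,
    }


def attack_coverage():
    """ATT&CK technique IDs that at least one rule maps to."""
    return sorted({technique for _, technique, _, _ in RULES})


if __name__ == "__main__":
    print("Coverage:", attack_coverage())
    print("Risk per user:", score_risk(SAMPLE_EVENTS)[0])
    for threshold in (80, 50, 30):
        print(evaluate(SAMPLE_EVENTS, threshold, MALICIOUS_USERS))
```

The sweep shows the trade-off the posting refers to. At a threshold of 80 only alice's chained activity alerts; carol's single StopLogging (60 points) is missed, so precision is 1.0 but recall is 0.5. At 50 both incidents alert, but erin's MFA-less login plus key rotation also crosses the line, dropping precision to 2/3. A common fix in practice is to raise a notable whenever a single high-severity rule fires, rather than relying only on the sum, and to feed each confirmed incident back into the weights.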

Requirements

What you’ll need
  • Active Public Trust clearance or the ability to obtain one.
  • Minimum seven (7) years of cybersecurity experience, including four (4) years in Detection Engineering, Security Operations, Incident Response, or Splunk Enterprise Security.
  • Experience building and tuning Splunk Enterprise Security correlation searches.
  • Hands-on Risk-Based Alerting (RBA) implementation experience.
  • Practical Incident Response experience or close partnership with IR teams.
  • Strong understanding of MITRE ATT&CK.
  • Experience improving detection fidelity and reducing false positives.
  • Strong AWS security knowledge including GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, and VPC Flow Logs.
  • Proficiency with SPL, Python, REST APIs, and Git.
  • Experience developing Splunk dashboards, reports, and investigations.
  • Excellent written and verbal communication skills.
  • Preferred:
    - Splunk Enterprise Security certifications
    - Splunk SOAR (Phantom)
    - Detection-as-Code
    - Sigma and YARA
    - CrowdStrike or Microsoft Defender for Endpoint
    - ServiceNow Incident Response
    - Knowledge of FISMA, NIST RMF, FedRAMP, and CMMC
  • Must pass pre-employment qualifications of Cherokee Federal.

Benefits

Comp & perks
  • Medical
  • Dental
  • Vision
  • 401(k)
  • Other possible benefits as provided. Benefits are subject to change with or without notice.
