Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Cherokee Federal

Senior Splunk Detection Engineer

Cherokee Federal

Senior Splunk Detection Engineer improving Security Operations Center effectiveness through high-fidelity detections for the National Science Foundation Cybersecurity & Privacy Program.

Posted 7/10/2026full-timeRemote • 🇺🇸 United StatesSenior💰 $150,000 - $160,000 per yearWebsite

Tech Stack

Tools & technologies
AWSCloudCyber SecurityEC2PythonServiceNowSplunk

About the role

Key responsibilities & impact
  • Design, build, test, and continuously improve Splunk Enterprise Security detection content.
  • Develop and tune correlation searches, notable events, adaptive response actions, dashboards, and investigation workflows.
  • Implement and optimize Risk-Based Alerting (RBA) strategies.
  • Improve detection quality while reducing false positives and minimizing false negatives.
  • Map detections to the MITRE ATT&CK Framework and maintain coverage metrics.
  • Partner with Incident Response teams to convert real-world incidents into improved detection content.
  • Participate in threat hunting, incident investigations, tabletop exercises, and purple team activities.
  • Develop cloud detections leveraging AWS GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, VPC Flow Logs, and related telemetry.
  • Maintain Common Information Model (CIM) compliance and improve data normalization.
  • Measure detection quality through precision, recall, MTTR, and analyst workload reduction.
  • Support future Splunk SOAR (Phantom) automation initiatives.
  • Integrate Splunk Enterprise Security with ServiceNow Incident Response and other security technologies.
  • Collaborate with Security Operations, Cloud Engineering, Vulnerability Management, and Incident Response teams.
  • Performs other job-related duties as assigned.

Requirements

What you’ll need
  • Active Public Trust clearance or the ability to obtain one.
  • Minimum seven (7) years of cybersecurity experience, including four (4) years in Detection Engineering, Security Operations, Incident Response, or Splunk Enterprise Security.
  • Experience building and tuning Splunk Enterprise Security correlation searches.
  • Hands-on Risk-Based Alerting (RBA) implementation experience.
  • Practical Incident Response experience or close partnership with IR teams.
  • Strong understanding of MITRE ATT&CK.
  • Experience improving detection fidelity and reducing false positives.
  • Strong AWS security knowledge including GuardDuty, CloudTrail, Security Hub, IAM, EC2, S3, and VPC Flow Logs.
  • Proficiency with SPL, Python, REST APIs, and Git.
  • Experience developing Splunk dashboards, reports, and investigations.
  • Excellent written and verbal communication skills.

Benefits

Comp & perks
  • Medical
  • Dental
  • Vision
  • 401(k)
  • Other possible benefits as provided

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Detection EngineeringCorrelation SearchesIncident ResponseData NormalizationDetection Fidelity ImprovementDashboard DevelopmentPrecision and Recall MeasurementFalse Positive ReductionCloud DetectionsAutomation Initiatives
Soft Skills
Excellent Written CommunicationExcellent Verbal Communication
Certifications
Active Public Trust Clearance