Splunk SIEM Engineer

Resource Management Concepts, Inc.

Splunk SIEM Engineer leading the transformation into a fully operational SIEM platform at RMC. Responsible for build-out and operations ensuring security insights and initiatives support.

Posted 4/30/2026full-timeCrane • 🇺🇸 United StatesMid-LevelSenior💰 $95,000 - $112,000 per yearWebsite

Tech Stack

Tools & technologies

Cyber SecuritySplunk

About the role

Key responsibilities & impact

Lead the transformation of the Splunk environment into a fully functional SIEM platform.
Manage and optimize the data ingestion pipeline.
Audit existing data sources for relevance and efficiency.
Eliminate unnecessary data ingestion to control licensing costs.
Onboard and integrate new data sources.
Parse, normalize, and map ingested data to the Splunk Common Information Model (CIM).
Configure, maintain, and optimize Splunk Enterprise Security (ES).
Configure, maintain, and optimize Splunk security orchestration, automation, and response platform (SOAR).
Develop and maintain correlation searches, detections, and use cases.
Create and tune alerts to improve fidelity and reduce false positives.
Build dashboards and visualizations for operational awareness and trend analysis.
Monitor overall platform health and performance.
Perform system upgrades, patching, and capacity planning.
Manage intra Splunk certificates.
Manage the lifecycle of security content.
Continuously refine detections and correlation rules.
Enhance visibility and detection coverage based on emerging threats.
Ensure consistent SIEM operations regardless of hosting environment or infrastructure ownership.
Support ongoing security operations and future cybersecurity initiatives.

Requirements

What you’ll need

A SecurityX, CASP, or equivalent DoD 8140 IAT-3 certification is required.
An interim DoD Secret security clearance or higher is required to start.
Hands-on experience with Splunk Enterprise and Splunk Enterprise Security (ES).
Strong understanding of SIEM architecture, design, and operations.
Experience with log ingestion, parsing, normalization, and CIM mapping.
Proficiency in developing correlation searches, alerts, and dashboards.
Experience tuning SIEM content to reduce false positives and improve detection accuracy.
Familiarity with data onboarding strategies and license optimization.
Knowledge of cybersecurity principles, threat detection, and incident response.
Experience with system administration tasks including patching, upgrades, and performance monitoring.
Experience operating Splunk in distributed or multi-tenant environments (preferred).
Knowledge of data pipelines and log forwarding technologies (e.g., syslog, APIs, forwarders) (preferred).
Familiarity with frameworks such as MITRE ATT&CK (preferred).
Experience supporting Zero Trust or advanced security architectures (preferred).
Preferred certifications (e.g., Splunk Certified Admin, Splunk ES Certified, Security+) (preferred).

Benefits

Comp & perks

RMC differentiates itself from other firms through its investment in our employees.
We invest our resources to train, certify, educate, and build our employees.
Competitive paid vacation package with 11 paid federal holidays.
High-quality, low-deductible healthcare plans.
Pet insurance.
Competitive 401K package.

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

SplunkSplunk Enterprise Security (ES)SIEM architecturelog ingestionparsingnormalizationCIM mappingcorrelation searchesalert tuningdashboard development

Certifications

SecurityXCASPDoD 8140 IAT-3Splunk Certified AdminSplunk ES CertifiedSecurity+