Job was saved successfully.
Job was removed from Saved Jobs.

Job Details

Splunk Security Engineer


Applications Engineer


Suitland, Maryland, United States


Looking for an opportunity to make an impact?

At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers’ success. We empower our teams, contribute to our communities, and operate sustainably. Everything we do is built on a commitment to do the right thing for our customers, our people, and our community. Our Mission, Vision, and Values guide the way we do business.

If this sounds like an environment where you can thrive, keep reading!

Are you looking for an exciting job opportunity that will allow you to use your skills and expertise to make a real difference? The National Security Sector within has just the role for you! We are seeking for a Splunk Security Engineer to join our team at the National Maritime Intelligence Center in Suitland, MD. In this dynamic position, you will have the chance to work across projects and teams to provide support for the Office of Naval Intelligence's (ONI) Defense Cyber Operations mission. Your daily activities will directly impact real-world operations and assist utilizing Security Information Event Management platforms to support threat detection, compliance, and security incident management through the collection and analysis (both near real-time and historical) of security events, as well as a wide variety of other event and contextual data sources.

Great News! Program is now offering additional Paid Time Off or a Sign-on Bonus!

What Will You Do

You will analyze log events and other data across disparate sources; implement and leverage the latest operational capabilities (such as incident management, dashboards, and reporting); as well as Security Orchestration, Automation, and Response (SOAR) in order to resolve anomalous activity in a prescribed, repeatable, and automated fashion.

  • Work with stakeholders directly to build, design, deliver, re-write, and maintain efficient, reusable, and reliable security automations using Splunk SOAR

  • Create custom content and playbooks that interact with other tools/devices on the network to automate security response actions based on alerts / threats.

  • Configure, use and maintain a stack of deployed detection technologies; ticketing system integrations, SIEM integration (i.e., Splunk Enterprise Security); Splunk Enterprise Security detections that use Risk-Based Alerting (RBA); deployment of common detection technologies across common control points, including endpoint, network, email and cloud; stream of sources identified for threat intelligence integration; identity and access management tool deployment; API compatibility across existing technologies.

  • Be responsible for the lifecycle of an automation playbook, from requirements gathering and planning to design, testing, implementation, and maintenance.

  • Create detailed technical documentation pertaining to SOAR automations and collaborate with other internal teams as part of setting up SOAR integrations.

Your Areas of Knowledge & Expertise (job qualifications)

  • Bachelor's degree with a minimum of 7 or more years of related work experience; additional years of experience will be considered in lieu of degree.

  • 5 or more years of demonstrated experience in in Splunk Security Orchestration, Automation, and Response (SOAR)/Phantom, including developing playbooks, implementing integrations and troubleshooting.

  • Deep understanding of Splunk Administration (not just user knowledge)

  • Experience performing software integrations with Trellix, Cisco, Exchange, and Windows and Linux.

  • 2 or more years of hands-on experience using Splunk for both searching data and data analysis and for passing data to SOAR.

  • This role is highly detail oriented and will require hands-on knowledge of programming languages, APIs, and integrations to include strong programming skills in Python for automation.

  • Process improvement experience.

Clearance Required

  • An active DoD Top Secret/SCI level of clearance

IAT Certification Requirement

  • A current IAT Level II DoD Approved 8570-M Baseline Certification (e.g. Security+ce or equivalent) or the ability to obtain within 30 days from date of offer of acceptance.

Desired Skills (not required but would be a valuable asset)

  • Current IAT Level III DoD Approved 8570-M Baseline Certification (e.g. CISSP or equivalent)

  • Splunk Certified Enterprise Security Administrator

  • Experience with modeling languages like UML for structure, behavior, and interaction diagrams.

  • Ability to use Jira and ServiceNow for ticket tracking.

  • Technical writing skills for creating Standard Operating Procedures (SOPs) and other supporting documentation.

  • Completion of both "Developing SOAR Playbooks” and "Advanced SOAR Implementation” Training courses from Splunk.

  • Experience in Security Operations Center (SOC) workflows and the processes for alert triage, defining incident investigation at varying levels of severity, capturing critical metrics to measure SOC effectiveness, evaluating lessons learned after critical incidents, leveraging metrics for operational improvement, use standard incident response methodologies.

  • Experience in integrating MITRE ATT&CK detection framework.

This is an opportunity you won't want to miss! Join us today and be part of a dynamic team dedicated to making a difference. Apply today!



Original Posting Date:


While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

Pay Range $101,400.00 - $183,300.00

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.