Sixgen Inc (posted 7h ago)
USD 100000-155000/yr

Security Analytics Engineer

Northern Virginia, mid-level

Quick Summary

Requirements Summary
  • Splunk Enterprise Security (ES)
  • Splunk SOAR
  • Splunk UEBA
  • Splunk Enterprise
  • Extensive experience designing and managing CRIBL pipelines for enterprise log management and security telemetry.


The Security Analytics Engineer is responsible for engineering, optimizing, and sustaining the enterprise security analytics platform that supports the organization's Security Fusion Center (SFC). This role designs, implements, and maintains security monitoring capabilities by developing advanced detection analytics, optimizing security telemetry, integrating enterprise security tools, and enabling automation across the cybersecurity ecosystem.

The ideal candidate is an expert in Splunk Enterprise Security and the broader Splunk platform, with extensive experience implementing and managing CRIBL data pipelines, security analytics, detection engineering, and enterprise log management. This individual partners with Threat Intelligence, Threat Hunting, Incident Response, and Security Operations teams to ensure security technologies provide timely, high-fidelity detection of evolving adversary tactics, techniques, and procedures (TTPs).

Responsibilities

  • Design, develop, and maintain enterprise security analytics supporting the Security Fusion Center.
  • Develop advanced detection logic, correlation searches, dashboards, reports, and alerts to identify emerging cyber threats.
  • Continuously improve detection capabilities by developing analytics aligned with current adversary tactics, techniques, and procedures (TTPs).
  • Engineer scalable solutions that improve security visibility, operational efficiency, and threat detection effectiveness.
  • Administer, configure, and optimize Splunk Enterprise Security (ES), Splunk User and Entity Behavior Analytics (UEBA), and Splunk Security Orchestration, Automation, and Response (SOAR).
  • Develop and maintain Splunk searches, correlation rules, risk-based alerting, dashboards, and knowledge objects.
  • Optimize data ingestion, indexing, data models, and search performance across large enterprise environments.
  • Support lifecycle management, upgrades, performance tuning, and operational maintenance of the Splunk platform.
  • Design, implement, and maintain CRIBL pipelines to efficiently collect, normalize, enrich, filter, and route enterprise security telemetry.
  • Optimize log ingestion and data transformation processes to improve analytics quality while reducing storage and licensing costs.
  • Develop parsing, enrichment, and routing logic supporting enterprise detection engineering.
  • Integrate data from cloud, endpoint, network, identity, and application security platforms into the Security Fusion Center analytics environment.
  • Develop and maintain detection analytics supporting proactive identification of advanced cyber threats.
  • Evaluate emerging security technologies and recommend enhancements aligned with enterprise cybersecurity strategy.
  • Support integration of enterprise security platforms, including SIEM, SOAR, EDR, identity security, vulnerability management, and cloud security tools.
  • Collaborate with Threat Hunting and Threat Intelligence teams to operationalize new detections based on emerging threats.
  • Operate, maintain, and continuously improve the Security Fusion Center Analytics Platform (SFCAP).
  • Support engineering efforts for enterprise security analytics platforms, including custom and commercial solutions.
  • Maintain an inventory of enterprise security tools and document system capabilities, integrations, and operational dependencies.
  • Support platform reliability, availability, scalability, and security.
  • Implement AI-enabled analytics and automation capabilities to improve ingestion, normalization, enrichment, correlation, and analysis of security telemetry.
  • Identify opportunities to automate repetitive engineering and operational tasks.
  • Research emerging technologies supporting security analytics, machine learning, and operational efficiency.
  • Assist in evaluating AI-enabled security operations capabilities and recommending implementation strategies.
  • Develop security use cases supporting enterprise adoption of ServiceNow Security Incident Response (SIR).
  • Design and document integrations between ServiceNow and enterprise security platforms.
  • Collaborate with operational teams to improve incident workflows through automation and orchestration.

Requirements

  • Bachelor's degree in Cybersecurity, Computer Science, Information Technology, Engineering, or a related field.
  • 5+ years of experience designing and supporting enterprise security analytics platforms.
  • Extensive hands-on experience administering and engineering:
    • Splunk Enterprise Security (ES)
    • Splunk SOAR
    • Splunk UEBA
    • Splunk Enterprise
  • Extensive experience designing and managing CRIBL pipelines for enterprise log management and security telemetry.
  • Experience developing detection content, correlation searches, dashboards, and security analytics.
  • Strong understanding of SIEM architecture, log management, telemetry normalization, and security data engineering.
  • Experience integrating enterprise security technologies including EDR, IDS/IPS, cloud security, identity platforms, vulnerability management, and network security tools.
  • Experience with scripting or automation using Python, PowerShell, or similar languages.
  • Strong understanding of MITRE ATT&CK, detection engineering methodologies, and Security Operations Center workflows.
  • Excellent analytical and troubleshooting skills.
  • Splunk Enterprise Certified Architect
  • Splunk Enterprise Certified Admin
  • Splunk Core Certified Power User
  • CRIBL Certified Administrator or equivalent experience
  • CISSP (Certified Information Systems Security Professional)
  • GIAC Certified Enterprise Defender (GCED)
  • Experience supporting federal government cybersecurity programs.
  • Experience supporting custom security analytics platforms, including proprietary Security Fusion Center analytics solutions.
  • Experience with ServiceNow Security Incident Response (SIR) integrations and workflows.
  • Expert knowledge of Splunk Enterprise Security architecture, engineering, and optimization.
  • Deep understanding of CRIBL data engineering, log routing, parsing, enrichment, and telemetry optimization.
  • Ability to design scalable enterprise security analytics architectures supporting large and complex environments.
  • Strong understanding of detection engineering, threat analytics, and adversary behavior.
  • Ability to engineer integrations between enterprise security platforms and automate operational workflows.
  • Experience evaluating emerging security technologies and recommending enterprise adoption strategies.
  • Excellent collaboration skills with Security Operations, Threat Intelligence, Threat Hunting, Incident Response, and Security Engineering teams.
  • Ability to translate operational requirements into scalable, maintainable security engineering solutions.


What We Offer

  • Competitive salary
  • Employer-paid health insurance premiums (medical, dental, vision)
  • Employer-paid short/long term disability insurance and basic life/AD&D insurance
  • 401K with a 4% employer contribution
  • Professional development reimbursement options available (training, certification, education, etc.)
  • Flexible and remote work policies for most positions
  • Paid Time Off (PTO) at a rate of three (3) weeks plus one (1) day per year of service, up to four (4) weeks annually
  • 11 paid holidays per calendar year

Location & Eligibility

Where is the job: Northern Virginia (on-site at the office)
Who can apply: same as job location

Listing Details

Posted: July 3, 2026
First seen: July 3, 2026
Last seen: July 3, 2026

Posting Health

Days active: 0
Repost count: 0
Trust Level: 60%
Scored at: July 3, 2026
