Frontend Splunk Security Engineer jobs in United States

Peraton · 2 weeks ago

Frontend Splunk Security Engineer

Peraton is a next-generation national security company that drives missions of consequence. They are seeking an experienced Splunk Front-End Engineer to design, build, and maintain user-focused dashboards and reports, translating raw data into actionable visualizations for various stakeholders.

Information Technology · Robotics
No H1B · U.S. Citizen Only

Responsibilities

Architect and implement Splunk dashboards for data-center asset inventory and vulnerability reporting
Build Executive dashboards that filter and highlight critical assets for situational awareness
Normalize dashboard layouts, panels, and visualizations to a consistent styling and naming convention
Optimize searches and SPL queries for performance and scalability
Integrate new data sources and onboard security systems into Splunk
Map CVE and asset owner data into asset-centric dashboards
Produce and maintain dashboard documentation: data sources, queries, drill-downs, and user guides
Collaborate with stakeholders to plan new dashboards, define requirements, wireframes, and success metrics
Assess, develop, and implement security policies and procedures to align with frameworks such as NIST RMF, FedRAMP, FISMA, ISO 27001, and DoD STIGs
Conduct security risk assessments and gap analyses to identify vulnerabilities in systems and networks
Ensure compliance with federal regulations, industry standards, and organizational security policies
Assist in the preparation of System Security Plans (SSPs), Security Control Assessments (SCAs), and Authority to Operate (ATO) packages
Perform Plan of Action & Milestones (POA&M) management, tracking remediation efforts for security findings
Monitor security logs, alerts, and events using SIEM tools (e.g., System Security / Information Assurance Analyst, ArcSight, etc.) to detect, investigate, and mitigate cyber threats
Respond to security incidents, vulnerabilities, and breaches, conducting forensic analysis and impact assessments
Develop and refine incident response plans (IRPs) and participate in cybersecurity exercises and drills
Configure and manage security controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), endpoint security, and encryption solutions
Support the implementation of Zero Trust Architecture (ZTA) and Identity & Access Management (IAM) controls
Perform patch management and vulnerability remediation for IT assets, ensuring compliance with security benchmarks (DISA STIGs, CIS Benchmarks, SCAP)
Develop and maintain security documentation, policies, and procedures for system accreditation
Conduct security awareness training for employees and stakeholders
Support audit and certification processes, working with internal and external security assessors
Review secure software development lifecycle (SDLC) practices, ensuring applications meet security best practices
Assist in securing cloud-based environments (AWS, Azure, Google Cloud) through security controls like CASB, CSPM, and cloud encryption
Conduct security reviews for third-party applications and vendors to mitigate supply chain risks

Qualification

Splunk dashboards · SPL proficiency · Security policies · Incident response · Cloud security · Cybersecurity certifications · Zero Trust principles · SIEM solutions · Vulnerability management · Training skills · Communication skills · Organizational skills · Team collaboration

Required

Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or related IT field with 5 years of relevant experience; or Master's with 3 years of relevant experience; or High School with 9 years of relevant experience
Minimum 6 years hands-on experience building and supporting Splunk dashboards, reports, and saved searches
3 years proficiency with SPL, Dashboard Studio, data models, and the Asset Framework
3 years experience using the following tools and technologies: Splunk Enterprise (Search, SPL, Dashboard Studio, Data Models, Asset Framework), Splunk IT Service Intelligence (ITSI), Splunk Security Essentials, JIRA, Git, REST APIs, JSON, basic CSS/HTML for dashboard theming
US Citizenship required with the ability to obtain an FAA Public Trust clearance prior to start

Preferred

Bachelor's degree in Computer Science, Cybersecurity, Engineering, Information Systems, Mathematics, Technology, or related IT field with 6 years of relevant experience; or Master's with 4 years of relevant experience; or High School with 10 years of relevant experience
Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Certified Ethical Hacker (CEH), Certified Authorization Professional (CAP), Security+, Information Technology (IT) certification, or equivalent certification (Must obtain within 12 months of start if not currently certified.)
Strong understanding of asset-centric reporting, CVE tracking, and executive situational awareness use cases
Proven ability to optimize Splunk search performance and design intuitive UI layouts
In-depth understanding of the Continuous Diagnostics and Mitigation (CDM) program and its phases (vulnerability management, configuration management, identity and access management, and incident response)
Proficiency in Zero Trust principles, including micro-segmentation, least-privilege access, and continuous verification of users, devices, and services
Expertise in the NIST Risk Management Framework (RMF) (SP 800-37/SP 800-53), from categorization through monitoring and continuous authorization
Familiarity with the Cybersecurity Assessment and Secure Mission (CASM) model for evaluating control effectiveness and mission impact
Knowledge of Federal Information Security Modernization Act (FISMA) requirements and annual reporting processes
Experience applying FedRAMP security controls for cloud service providers and managing authorization packages (SSP, SAR, POA&M)
Understanding of DISA STIG and SCAP standards for system hardening and automated compliance checking
Ability to map organizational controls to CISA CDM dashboard metrics and drive dashboard data integrations
Writing scripts in Python, PowerShell, or Bash for security automation and log
Automating security control enforcement using Ansible, Terraform, or cloud-native security tools
Securing cloud environments (AWS, Azure, Google Cloud) with Zero Trust, CASB, and cloud-native security controls
IAM, Privileged Access Management (PAM), and Role-Based Access Control (RBAC)
Knowledge of cyber threats, attack vectors, Advanced Persistent Threats (APTs), and malware analysis
Security Information and Event Management (SIEM) solutions like Splunk, ArcSight, or QRadar
Firewalls, IDS/IPS (Snort, Suricata), VPNs, and endpoint security
Secure configurations based on CIS Benchmarks, DISA STIGs, and SCAP
Proficient in analysis activities and capable of applying theoretical body of knowledge, including the ability to apply a variety of standard and advanced analytical techniques and tools
Assessing risk impact and security control effectiveness in real-world
Making data-driven decisions to improve security posture while balancing operational
Ability to analyze security threats, correlate logs, and identify vulnerabilities in systems and networks
Troubleshooting security issues across multi-layered
Ability to make decisions in accordance with established policies, guidelines and
Working with cross-functional teams, executives, and auditors to implement security best practices
Training employees on security awareness and compliance
Staying updated with emerging threats, security technologies, and regulatory
Ability to quickly adapt security strategies to evolving IT environments and
Writing security reports, compliance documentation (SSPs, POA&Ms), and security
Communicating security risks effectively to both technical and non-technical stakeholders
Strong organizational skills with the ability to multi-task, manage time effectively, and handle tight deadlines
Highly responsive to requested
Extensive knowledge of business issues and processes as well as IT and Security resources and enabling technologies
Skilled in the use of advanced analysis, facilitation and consultative techniques and tools and the ability to apply them in multiple settings of significant complexity
Excellent oral and written communication skills including the ability to effectively consult with stakeholders on a diverse range of IT activities
Ability to work with confidential and proprietary information using utmost

Benefits

Medical
Dental
Vision
Life
Health savings account
Short/long term disability
EAP
Parental leave
401(k)
Paid time off (PTO) for vacation
Company paid holidays

Company

Peraton: Fearlessly solving the toughest national security challenges.

Funding

Current Stage
Late Stage

Leadership Team

Thomas Terjesen
Chief Information Officer