Cybersecurity Engineer - Splunk SME

Dragonfli Group
Full-time
Remote
United States

Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, D.C. We provide expert services to clients across both government and commercial sectors, supporting projects that range from rapid assessments to multi-year digital transformation efforts. Our consultants work in on-site, hybrid, and remote environments based on client needs.


We’re hiring a Splunk Cyber Security SME to drive visibility, automation, and security intelligence across one of the largest data environments in the federal space. This isn’t just a monitoring role — you’ll be at the heart of designing and engineering Splunk infrastructure that supports national-scale operations. From real-time telemetry and alerting to advanced dashboards and automations, your work will directly impact mission-critical decision making.


If you’re ready to take on complex data challenges, work shoulder-to-shoulder with elite DevOps and Security teams, and engineer systems that scale — this role was built for you.


This is a remote role (U.S. only) with potential occasional off-hours or weekend support. U.S. Citizenship or Permanent Residency is required.



Responsibilities

  • Architect and maintain enterprise-grade Splunk environments across on-prem and cloud platforms
  • Create and manage knowledge objects, complex SPL queries, alerts, and dynamic dashboards
  • Design and implement scalable data ingestion pipelines and parsing logic
  • Collaborate with DevOps, Security, and Infrastructure teams to ensure optimal system performance
  • Develop automation workflows and UI interfaces to enhance operational efficiency
  • Troubleshoot data latency, availability, and integration challenges
  • Support system maintenance, version upgrades, and environment hardening
  • Contribute to technical mentorship and process documentation

Must-Have:

  • 5+ Years of Splunk Experience Required
  • Manages knowledge objects (fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, and so on) through automation, scripting, and management server functions, including .conf and .cfg files, within the scope of the last four Splunk Enterprise versions
  • Experience with Splunk deployment and configuration management in large-scale environments
  • Proficiency in writing complex Splunk queries, dashboards, and alerts using SPL (Search Processing Language)
  • Experience with REST APIs for Splunk and external system integration
  • Ability to analyze and troubleshoot complex data ingestion and parsing issues
  • Experience designing and developing automation workflows and a dashboard interface for them
  • Self-starter with a service-oriented mindset who will take action, find ways to solve problems, and move projects to conclusion independently
  • Strong problem-solving skills and the ability to translate research insights into practical solutions that address real-world challenges.
  • Strong communication and collaboration skills with the ability to articulate complex technical concepts to both technical and non-technical audiences.
  • Experience in mentoring and guiding junior researchers or team members


Preferred:

  • Ability to leverage the Splunk AI Assistant and other AI tools to increase the accuracy and efficiency of tasks and other deliverables
  • Advanced knowledge of Unix/Linux and/or Windows systems administration and troubleshooting
  • Strong scripting skills in Bash, Python, JavaScript, SQL and PowerShell for automation and integration tasks
  • Experience with Splunk upgrades, patching, and performance tuning
  • Proficiency in integrating Splunk with cloud platforms (AWS, GCP, Azure)
  • Understanding of security and compliance requirements and implementation of role-based access controls (RBAC) in Splunk
  • Strong knowledge of logging standards and best practices across application and infrastructure layers
  • Extensive knowledge of defense-in-depth principles, Network and Security architecture, network topology, IT device integrity, and common security elements.
  • Executes new projects as well as data and user onboarding
  • Strong understanding of IT and Cyber industry standards and technologies, including controls governed by NIST, FISMA, and FedRAMP
  • Experience installing, using, and developing with the Splunk App for Data Science and Deep Learning
  • Experience installing, using, and developing with the Splunk SOAR Automation toolset
  • Experience or background in the Cybersecurity, Systems/Network Administration or Observability industry

Must-have

  • 5+ years of Splunk engineering experience in complex, high-volume environments
  • Proficiency in SPL, knowledge object development, and configuration management
  • Strong background in Linux/Unix systems administration
  • Skilled in scripting languages (Python, Bash, PowerShell, etc.)
  • Experience with REST APIs and external system integrations
  • Ability to diagnose ingestion, parsing, and indexing issues at scale
  • Self-driven problem solver with a consulting mindset and strong communication skills


Preferred Qualifications

  • Experience with Splunk AI Assistant, SOAR, and DSDL frameworks
  • Familiarity with cloud services (AWS, Azure, GCP) and hybrid deployments
  • Understanding of NIST, FISMA, FedRAMP, and other security frameworks
  • Expertise in role-based access controls (RBAC), secure logging, and compliance
  • Background in cybersecurity, observability, or infrastructure engineering

Benefits

  • Insurance - health, dental, vision
  • PTO & 11 Federal Holidays
  • 401(k), employer match