SIEM Engineer
Apex Systems, Alexandria, VA, United States
Job Title:
Senior Splunk Enterprise Security (ES) SIEM Engineer
Location:
Alexandria, VA
Clearance:
TS/SCI (must be eligible to obtain or maintain)
***If interested, please send a copy of your resume to Emma at [email protected] ***
Position Overview
The Senior Splunk Enterprise Security professional serves as a subject matter expert for designing, implementing, tuning, and maintaining Splunk Enterprise and Enterprise Security to support enterprise-level security monitoring, threat detection, and incident response. This role works closely with security engineering, SOC operations, threat intelligence, and IT infrastructure teams to enhance visibility, strengthen detection capabilities, and ensure the overall effectiveness of SIEM operations.
Key Responsibilities
• Architect, deploy, and administer Splunk Enterprise Security in a large-scale, distributed environment
• Develop and optimize correlation searches, risk-based alerting (RBA) models, dashboards, data models, and notable events
• Lead onboarding, parsing, normalization, and CIM mapping for diverse security and IT data sources
• Conduct health checks, performance tuning, and capacity planning for Splunk indexers, search he• Install, configure, and maintain Splunk Enterprise components: indexers, search head clusters, deployment servers, heavy forwarders, and universal forwarders
• Administer and optimize clustered Splunk environments for performance, resiliency, and scalability
• Configure and manage data onboarding, parsing, props/transforms, index creation, retention policies, and storage planning ads, and cluster environments
• Enhance detection engineering by creating advanced detection logic for TTPs aligned to MITRE ATT&CK
• Collaborate with SOC analysts to operationalize detections and automate workflows via SOAR (if applicable)
• Monitor and improve data ingestion pipelines and troubleshoot indexing or search performance issues
• Maintain documentation, playbooks, and engineering standards for Splunk ES environments
• Mentor junior analysts/engineers and provide SME guidance during incidents and threat hunting activities
• Ensure compliance with enterprise security policies, regulatory frameworks, and audit requirements
• Manage distributed configurations using deployment server, cluster master, or deployment tools
• Implement best practices for system security, hardening, and compliance requirements
• Collaborate with ES and SOC teams to ensure data readiness and platform reliability for security operations
• Automate routine administrative tasks using scripts (Python, Bash, PowerShell)
• Maintain documentation for architecture, configuration standards, data onboarding, and operational procedures
• Provide mentorship and SMElevel technical guidance to Splunk users and junior administrators
Required Qualifications
• Bachelor's degree in Cybersecurity, Computer Science, IT, or related field (or equivalent experience)
• 5-10+ years of hands-on experience with Splunk Enterprise and Splunk ES
• Strong expertise in SPL query design, dashboards, macros, and data model acceleration
• Proven experience with CIM mapping, data ingestion onboarding, and parsing using props/transforms
• Understanding of SIEM operations, SOC workflows, and threat detection methodologies
• Knowledge of security tools (EDR, FW, IDS/IPS, cloud logs, vulnerability scanners, IAM logs, etc.)
• Familiarity with Linux/Unix systems, networking protocols, and cybersecurity fundamentals
• Ability to guide incident response activities and provide SME-level support
• Strong knowledge of Splunk architecture, clustering, indexing, and search optimization
• Experience with configuration files (props.conf, transforms.conf, inputs.conf, outputs.conf)
• Proficiency in Linux/Unix administration and system troubleshooting
• Handson experience with data ingestion, parsing, and log pipeline troubleshooting
• Familiarity with networking concepts (TCP/UDP, syslog, load balancing, SSL certificates)
• Experience with role-based access controls and authentication integrations
• Ability to lead Splunk upgrades, migrations, and architectural improvements
Preferred Qualifications
• Splunk certifications (Architect, Consultant, ES Analyst, Core Certified Power User, etc.)
• Experience with Splunk SOAR (Phantom) for automation
• Expertise with MITRE ATT&CK-aligned detection development
• Scripting/automation experience (Python, Bash, PowerShell)
• Experience in cloud security logging (AWS, Azure, GCP)
• Background supporting federal government or regulated industries
Soft Skills
• Strong analytical and problemsolving abilities
• Excellent communication and documentation skills
• Ability to lead and mentor teammates
• Comfortable working in a dynamic SOC or security engineering environment
EEO Employer
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or 844-463-6178.
Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. When you join Everforth Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing® in Talent Satisfaction in the United States and Great Place to Work® in the United Kingdom and Mexico. Everforth Apex uses a virtual recruiter as part of the application process. Click here for more details.
Everforth Apex Benefits Overview:
Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Everforth Apex team member can provide.
Senior Splunk Enterprise Security (ES) SIEM Engineer
Location:
Alexandria, VA
Clearance:
TS/SCI (must be eligible to obtain or maintain)
***If interested, please send a copy of your resume to Emma at [email protected] ***
Position Overview
The Senior Splunk Enterprise Security professional serves as a subject matter expert for designing, implementing, tuning, and maintaining Splunk Enterprise and Enterprise Security to support enterprise-level security monitoring, threat detection, and incident response. This role works closely with security engineering, SOC operations, threat intelligence, and IT infrastructure teams to enhance visibility, strengthen detection capabilities, and ensure the overall effectiveness of SIEM operations.
Key Responsibilities
• Architect, deploy, and administer Splunk Enterprise Security in a large-scale, distributed environment
• Develop and optimize correlation searches, risk-based alerting (RBA) models, dashboards, data models, and notable events
• Lead onboarding, parsing, normalization, and CIM mapping for diverse security and IT data sources
• Conduct health checks, performance tuning, and capacity planning for Splunk indexers, search he• Install, configure, and maintain Splunk Enterprise components: indexers, search head clusters, deployment servers, heavy forwarders, and universal forwarders
• Administer and optimize clustered Splunk environments for performance, resiliency, and scalability
• Configure and manage data onboarding, parsing, props/transforms, index creation, retention policies, and storage planning ads, and cluster environments
• Enhance detection engineering by creating advanced detection logic for TTPs aligned to MITRE ATT&CK
• Collaborate with SOC analysts to operationalize detections and automate workflows via SOAR (if applicable)
• Monitor and improve data ingestion pipelines and troubleshoot indexing or search performance issues
• Maintain documentation, playbooks, and engineering standards for Splunk ES environments
• Mentor junior analysts/engineers and provide SME guidance during incidents and threat hunting activities
• Ensure compliance with enterprise security policies, regulatory frameworks, and audit requirements
• Manage distributed configurations using deployment server, cluster master, or deployment tools
• Implement best practices for system security, hardening, and compliance requirements
• Collaborate with ES and SOC teams to ensure data readiness and platform reliability for security operations
• Automate routine administrative tasks using scripts (Python, Bash, PowerShell)
• Maintain documentation for architecture, configuration standards, data onboarding, and operational procedures
• Provide mentorship and SMElevel technical guidance to Splunk users and junior administrators
Required Qualifications
• Bachelor's degree in Cybersecurity, Computer Science, IT, or related field (or equivalent experience)
• 5-10+ years of hands-on experience with Splunk Enterprise and Splunk ES
• Strong expertise in SPL query design, dashboards, macros, and data model acceleration
• Proven experience with CIM mapping, data ingestion onboarding, and parsing using props/transforms
• Understanding of SIEM operations, SOC workflows, and threat detection methodologies
• Knowledge of security tools (EDR, FW, IDS/IPS, cloud logs, vulnerability scanners, IAM logs, etc.)
• Familiarity with Linux/Unix systems, networking protocols, and cybersecurity fundamentals
• Ability to guide incident response activities and provide SME-level support
• Strong knowledge of Splunk architecture, clustering, indexing, and search optimization
• Experience with configuration files (props.conf, transforms.conf, inputs.conf, outputs.conf)
• Proficiency in Linux/Unix administration and system troubleshooting
• Handson experience with data ingestion, parsing, and log pipeline troubleshooting
• Familiarity with networking concepts (TCP/UDP, syslog, load balancing, SSL certificates)
• Experience with role-based access controls and authentication integrations
• Ability to lead Splunk upgrades, migrations, and architectural improvements
Preferred Qualifications
• Splunk certifications (Architect, Consultant, ES Analyst, Core Certified Power User, etc.)
• Experience with Splunk SOAR (Phantom) for automation
• Expertise with MITRE ATT&CK-aligned detection development
• Scripting/automation experience (Python, Bash, PowerShell)
• Experience in cloud security logging (AWS, Azure, GCP)
• Background supporting federal government or regulated industries
Soft Skills
• Strong analytical and problemsolving abilities
• Excellent communication and documentation skills
• Ability to lead and mentor teammates
• Comfortable working in a dynamic SOC or security engineering environment
EEO Employer
Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or 844-463-6178.
Everforth Apex is a world-class IT services company that serves thousands of clients across the globe. When you join Everforth Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing® in Talent Satisfaction in the United States and Great Place to Work® in the United Kingdom and Mexico. Everforth Apex uses a virtual recruiter as part of the application process. Click here for more details.
Everforth Apex Benefits Overview:
Everforth Apex offers a range of supplemental benefits, including medical, dental, vision, life, disability, and other insurance plans that offer an optional layer of financial protection. We offer an ESPP (employee stock purchase program) and a 401K program which allows you to contribute typically within 30 days of starting, with a company match after 12 months of tenure. Everforth Apex also offers a HSA (Health Savings Account on the HDHP plan), a SupportLinc Employee Assistance Program (EAP) with up to 8 free counseling sessions, a corporate discount savings program and other discounts. In terms of professional development, Everforth Apex hosts an on-demand training program, provides access to certification prep and a library of technical and leadership courses/books/seminars once you have 6+ months of tenure, and certification discounts and other perks to associations that include CompTIA and IIBA. Everforth Apex has a dedicated customer service team for our Consultants that can address questions around benefits and other resources, as well as a certified Career Coach. You can access a full list of our benefits, programs, support teams and resources within our 'Welcome Packet' as well, which an Everforth Apex team member can provide.