Posted today
Secret
Mid Level Career (5+ yrs experience)
$110,000 - $140,000
IT - Security
Herndon, VA (On/Off-Site)
The Splunk Content Engineer is a key member of the Security Operations Center (SOC) team, responsible for designing, tuning, and maintaining Splunk detection content, dashboards, alerts, and automation workflows. This role supports threat detection, investigation, and response across traditional IT environments as well as emerging IoT and OT systems. The Splunk Content Engineer enables SOC analysts and incident responders to identify and act on threats quickly and accurately across the full technology landscape.
Key Responsibilities
Design, develop, and optimize Splunk correlation searches, dashboards, and alerts to detect cybersecurity threats and suspicious activity across IT, IoT, and OT environments.
Build automation workflows, investigative queries, and response playbooks to support efficient incident triage, investigation, and response, with particular focus on IoT and OT protocols, behaviors, and constraints.
Partner closely with SOC analysts and engineers to reduce false positives, improve alert fidelity, and continuously refine detection logic.
Ensure detection content aligns with organizational security priorities for both IT and OT/IoT environments and adapts to evolving threat landscapes.
Required Qualifications
Active Secret clearance.
Hands-on experience developing, implementing, and managing Splunk correlation rules and security content.
Demonstrated ability to design and implement event correlation logic within Splunk environments.
Proven experience tuning Splunk correlation rules to reduce noise by filtering known network behavior, false positives, and known errors.
Experience maintaining event schemas and applying customized security severity criteria within Splunk.
Ability to create and maintain both scheduled and ad hoc reports in Splunk.
Strong understanding of Splunk architecture, technologies, and data ingestion methods, including event collector deployments in Windows and Linux environments.
Excellent written and verbal communication skills, with the ability to clearly explain technical concepts to non-technical audiences.
Key Responsibilities
Design, develop, and optimize Splunk correlation searches, dashboards, and alerts to detect cybersecurity threats and suspicious activity across IT, IoT, and OT environments.
Build automation workflows, investigative queries, and response playbooks to support efficient incident triage, investigation, and response, with particular focus on IoT and OT protocols, behaviors, and constraints.
Partner closely with SOC analysts and engineers to reduce false positives, improve alert fidelity, and continuously refine detection logic.
Ensure detection content aligns with organizational security priorities for both IT and OT/IoT environments and adapts to evolving threat landscapes.
Required Qualifications
Active Secret clearance.
Hands-on experience developing, implementing, and managing Splunk correlation rules and security content.
Demonstrated ability to design and implement event correlation logic within Splunk environments.
Proven experience tuning Splunk correlation rules to reduce noise by filtering known network behavior, false positives, and known errors.
Experience maintaining event schemas and applying customized security severity criteria within Splunk.
Ability to create and maintain both scheduled and ad hoc reports in Splunk.
Strong understanding of Splunk architecture, technologies, and data ingestion methods, including event collector deployments in Windows and Linux environments.
Excellent written and verbal communication skills, with the ability to clearly explain technical concepts to non-technical audiences.
group id: 91121246
