Position Overview
The Cyber Security Analyst IV serves as a technical authority for SIEM architecture, development and automation. This role is responsible for building advanced correlation rules, dashboards and integrations that enhance our ability to detect, investigate and respond to evolving cybersecurity threats. Collaborating with stakeholders across security operations, IT and compliance, this position will ensure Splunk ES capabilities align with enterprise monitoring needs, federal cybersecurity requirements and best-practice engineering standards.
Major Activities (Typical Duties/Responsibilities)
- Design, develop and maintain advanced dashboards, correlation searches and reports that deliver actionable visibility into security events and risks.
- Engineer scalable data ingestion pipelines, optimize search performance and maintain Common Information Model (CIM) compliance.
- Onboard, parse and normalize log data from diverse security tools, endpoints and cloud environments.
- Develop scripts and playbooks leveraging SOAR capabilities to streamline response processes and improve operational efficiency.
- Partner with SOC, IR and infrastructure teams to understand mission needs and deliver tailored Splunk solutions.
- Conduct platform health checks, capacity planning and tuning to maintain high performance and reliability.
- Develop and maintain detailed technical documentation for Splunk configurations, workflows and integrations.
- Ensure all Splunk engineering and development efforts adhere to FISMA, NIST SP 800-53 and other applicable federal cybersecurity guidelines.
- Provide guidance and mentorship to junior analysts, fostering skill growth and consistent engineering practices.
- Stay current with emerging Splunk features, industry trends and threat intelligence to inform proactive enhancements.
- Perform other duties as appropriate and as assigned.
Knowledge/Skills/Abilities
- Advanced proficiency with Splunk Search Processing Language (SPL) for complex queries, correlation logic and dashboard development.
- Strong understanding of SIEM architecture, event correlation and threat-detection methodologies.
- Proven experience with data onboarding, field extractions and CIM compliance.
- Familiarity with federal cybersecurity frameworks such as NIST SP 800-53 and FISMA.
- Knowledge of cloud security and integrating logs from AWS or Azure.
- Understanding of the MITRE ATT&CK framework and its application within SIEM use cases.
- Demonstrated ability to design and implement security controls aligned with federal standards.
- Good interpersonal skills: ability to work effectively and cooperatively with all levels of management and staff, affiliated-company employees as well as outside business associates; exhibits a professional manner in dealing with others.
- Superior organizational, follow-up and detail-oriented skills.
- Strong ability to analyze documents and categorize appropriately.
- Ability to maintain accurate records.
- Work independently, as well as on a team and with minimal supervision.
- Make decisions, solve problems and exercise excellent judgment.
- Work well under pressure and independently prioritize workload, while working on multiple projects.
- Ability to research, organize and analyze technical information with particular attention to accuracy and detail.
- Excellent written and verbal communication skills, including thorough knowledge of proper grammar, advanced vocabulary, spelling, editing and proofreading skills.
- Proficient using Microsoft Office products, such as Word, Excel and PowerPoint and industry-standard computer software and databases.
- High degree of sensitivity regarding confidential information.
Physical Abilities
- Sufficient fine motor skills for the use of computers and calculators, with an ability to withstand repetitive keyboarding for extended periods of time.
- Visual and communications ability adequate to perform the essential functions of the job.
- Ability to kneel, bend and twist at the waist on an occasional basis.
- Ability to reach below shoulder height with regular frequency (desk position) and at or above shoulder height on occasion.
- Ability to push, pull, carry and lift objects weighing up to 10 pounds on a regular basis, and greater weights on an occasional basis.
- Ability to travel by vehicle or aircraft, and ability to safely operate a motor vehicle.
Minimum Qualifications
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field and at least eight (8) years of progressive experience in IT or cybersecurity, including at least five (5) years specializing in Splunk Enterprise and Splunk ES engineering, or an equivalent combination of education, experience and training.
- Ability to pass a background and drug screening.
- Must have identification compliant with the Real ID Act at time of hire.
- Must be able to obtain Department of Energy access badge.
- Must be able to obtain and maintain a U.S. government security clearance.
Preferred Qualifications
- Splunk certifications such as Enterprise Certified Architect, ES Certified Admin or Certified Developer.
- Experience with Python scripting or API integrations to automate Splunk functions.
- Hands-on experience with SOAR platforms (Cortex XSOAR, Phantom, or similar).
- Prior experience supporting cybersecurity operations in a federal or highly regulated environment.
Pay Range: $110,275.00 to $198,468.00 yearly
Benefits: OSC Technical Solutions offers excellent benefits for eligible employees. Benefits include paid holidays, paid time off, 401k with employer match, dental, vision, health insurance plans through the Federal Employee Health Benefits (FEHB) program, as well as life and disability benefits.
OSC Technical Solutions does not discriminate, and the company provides equal employment opportunity for all employees and applicants without regard to race, religion, color, sex, gender, sexual orientation, national origin, citizenship status, age, marital status, pregnancy or parenthood, handicap or disability, genetics, veteran status or any other legally protected characteristic. OSC Technical Solutions adheres to all federal, state and local laws regarding equal employment opportunity and will not discriminate against you in violation of these laws. OSC Technical Solutions reserves the right to apply CIRI Shareholder preference to qualified Shareholders in employment and advancement opportunities.
OSC Technical Solutions participates in E-Verify. We will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee's Form I-9 to confirm work authorization.
Reasonable Accommodation:
OSC Technical Solutions will provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities. In compliance with the ADA Amendments Act (ADAAA), if you have a disability and would like to request an accommodation in order to apply for a position with OSC Global, LLC or any of its subsidiaries, please email recruiting@ciri.com.