Posted at: 2 February
HHS - Sr. Splunk Engineer / Administrator
Company
cFocus Software is a Largo, Maryland-based B2G SaaS provider specializing in cybersecurity solutions and compliance automation for federal government agencies, including the DoD.
Remote Hiring Policy:
cFocus Software supports remote work for certain roles and is hiring from various locations within the United States, including Washington, DC. Team members may work remotely, but compliance as a federal contractor suggests a focus on U.S. candidates.
Job Type
Full-time
Allowed Applicant Locations
United States
Job Description
cFocus Software seeks a Sr. Splunk Engineer / Administrator to join our program supporting the Department of Health and Human Services (HHS). This position is remote. This position requires the ability to obtain a Public Trust clearance.
Qualifications:
- Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field.
- Minimum of 8 years of experience administering enterprise SIEM and logging platforms.
- Extensive hands-on experience with Splunk Core and Splunk Enterprise Security.
- Strong understanding of log management, event correlation, detection engineering, and threat analytics.
- Experience supporting federal cybersecurity environments and compliance requirements.
- Knowledge of NIST SP 800-53, NIST SP 800-92, FISMA, and OMB logging mandates.
- Experience integrating SIEM with cloud platforms (AWS, Azure) and security tools.
- Active Splunk Certified Architect or Administrator.
- CISSP, GCIA, GCED, or GCIH (preferred).
Responsibilities:
- Administer and engineer a complex hybrid Splunk environment supporting on-premises, IaaS, PaaS, SaaS, and multi-cloud platforms.
- Ensure logging and SIEM operations comply with OMB M-21-31 logging requirements including log categories, retention, and visibility.
- Design, implement, and maintain Splunk Core and Splunk Enterprise Security configurations.
- Perform data onboarding, parsing, normalization, and indexing optimization for diverse log sources.
- Develop, tune, and maintain correlation searches, detections, dashboards, and alerts to support SOC operations.
- Integrate Splunk with HRSA cybersecurity tools including EDR, vulnerability management, SOAR, cloud platforms, and threat intelligence feeds.
- Monitor SIEM performance including ingestion rates, indexing efficiency, search latency, and storage utilization.
- Optimize searches, data models, accelerated reports, and summary indexing to improve performance.
- Develop and maintain Splunk apps, add-ons, and custom knowledge objects.
- Support users and stakeholders by providing ad hoc searches, reports, and dashboards.
- Implement SIEM changes following HRSA change management procedures with documented implementation and rollback plans.
- Patch, upgrade, and maintain Splunk infrastructure in accordance with HHS and HRSA standards.
- Develop and maintain SIEM SOPs, workflows, architecture diagrams, and technical documentation.
- Support audits and assessments by producing logging evidence, compliance dashboards, and audit-ready reports.
- Maintain SLA of responding to SIEM-related service requests within two (2) business days.