Splunk Enterprise Security Lead at Core4ce – Charleston, South Carolina

Core4ce

Splunk Enterprise Security Lead
1185-383

Core4ce is seeking a highly skilled Enterprise Security Splunk Lead to support a Defense Health Agency (DHA) program delivering mission-critical cybersecurity, observability, and enterprise logging capabilities across a globally distributed healthcare environment. This role will lead the design, implementation, and sustainment of Splunk Enterprise Security (ES) and associated SIEM capabilities, enabling real-time threat detection, incident response, and compliance within a DoD RMF-aligned, Zero Trust architecture. The ideal candidate brings deep technical expertise, leadership experience, and the ability to operate within a Scaled Agile (SAFe) delivery model, supporting both operational and strategic cybersecurity outcomes.

Key Responsibilities:

Technical Leadership & Architecture

• Lead the architecture, engineering, and optimization of Splunk Enterprise and Splunk ES in a large-scale DoD environment
• Design and implement data onboarding strategies across cloud (AWS GovCloud/Azure Gov), on-prem, and hybrid systems
• Develop and maintain correlation searches, risk-based alerting (RBA), dashboards, and threat detection use cases
• Ensure high availability, scalability, and performance of Splunk infrastructure

Security Operations & Monitoring

• Enable and enhance Security Operations Center (SOC) capabilities through advanced analytics and automation
• Integrate Splunk with enterprise tools (e.g., ACAS/Tenable, Microsoft Sentinel, endpoint security platforms, cloud logs)
• Support incident detection, triage, and response workflows, including SOAR integrations where applicable
• Develop actionable insights to support continuous monitoring (ConMon) and cyber readiness

Compliance & RMF Alignment

• Align Splunk implementations with DoD RMF controls, STIG requirements, and eMASS documentation
• Support audit readiness, including log retention, traceability, and reporting requirements
• Contribute to ATO and cATO strategies, leveraging reusable security artifacts

Program & Agile Execution

• Lead a team of Splunk engineers and analysts within a SAFe Agile framework (PI planning, backlog refinement, demos)
• Translate mission and stakeholder needs into features, user stories, and technical tasks
• Provide capacity planning, performance metrics, and reporting aligned to Government oversight expectations

Stakeholder Engagement

• Interface with DHA leadership, cybersecurity teams, and mission partners
• Provide briefings, dashboards, and executive-level reporting on security posture and operational metrics
• Collaborate across programs (e.g., DCOPS, JOMIS, ESS Next) to ensure enterprise integration and standardization

*This position is designed to be flexible, with responsibilities evolving to meet business needs and enable individual growth.

Required Qualifications:

• Active Secret clearance (Top Secret preferred)
• 8+ years of experience in cybersecurity, SIEM engineering, or enterprise logging
• 3+ years of hands-on experience with Splunk Enterprise and Splunk ES
• Strong experience with:
  • Splunk data onboarding, parsing, indexing, and search optimization
  • Correlation searches, notable events, and ES frameworks
  • Distributed Splunk architectures (indexers, search heads, forwarders)
• Experience in DoD environments supporting RMF, STIGs, and continuous monitoring
• Familiarity with cloud platforms (AWS GovCloud, Azure Gov) and hybrid architectures
• Experience integrating with security tools (e.g., Tenable/ACAS, EDR, identity systems)
• Strong leadership, communication, and stakeholder engagement skills

Preferred Qualifications:

• Splunk certifications (e.g., Splunk Enterprise Security Certified Admin, Architect)
• Experience with Splunk SOAR (Phantom) or automation frameworks
• Familiarity with Zero Trust architectures and OMB/DOD cybersecurity guidance
• Experience supporting health IT systems (DHA, MHS, or similar environments)
• Knowledge of DevSecOps pipelines and CI/CD integration with Splunk
• Experience with SAFe Agile or ITIL-based service management

Why Work for Us?

Core4ce is a team of innovators, self-starters, and critical thinkers—driven by a shared mission to strengthen national security and advance warfighting outcomes.

We offer:

• 401(k) with 100% company match on the first 6% deferred, with immediate vesting
• Comprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ce
• Unlimited access to training and certifications, with no pre-set cap on eligible professional development
• Tuition assistance for job-related degrees and courses
• Paid parental leave, PTO that grows with tenure, and generous holiday schedules
• Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.

Join us to build a career that matters—supported by a company that invests in you.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.

Remote, United States

Full-Time/Regular

All qualified applicants will receive consideration for employment without regard to race, color, sex, sexual orientation, gender identity, religion, national origin, disability, veteran status, age, marital status, pregnancy, genetic information, or other legally protected status.