HHS - Sr. Splunk Engineer / Administrator at cFocus Software Incorporated – Rockville, Maryland

cFocus Software Incorporated
Rockville, Maryland, 20850, United States
Job Function: Information Technology
Employment Type: Full-Time

About This Position

cFocus Software seeks a Sr. Splunk Engineer / Administrator to join our program supporting the Department of Health and Human Services (HHS). This position is remote. This position requires the ability to obtain a Public Trust clearance.
Qualifications:
  • Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field.
  • Minimum of 8 years of experience administering enterprise SIEM and logging platforms.
  • Extensive hands-on experience with Splunk Core and Splunk Enterprise Security.
  • Strong understanding of log management, event correlation, detection engineering, and threat analytics.
  • Experience supporting federal cybersecurity environments and compliance requirements.
  • Knowledge of NIST SP 800-53, NIST SP 800-92, FISMA, and OMB logging mandates.
  • Experience integrating SIEM with cloud platforms (AWS, Azure) and security tools.
  • Active Splunk Certified Architect or Administrator.
  • CISSP, GCIA, GCED, or GCIH (preferred).
Duties:
  • Administer and engineer a complex hybrid Splunk environment supporting on-premises, IaaS, PaaS, SaaS, and multi-cloud platforms.
  • Ensure logging and SIEM operations comply with OMB M-21-31 logging requirements including log categories, retention, and visibility.
  • Design, implement, and maintain Splunk Core and Splunk Enterprise Security configurations.
  • Perform data onboarding, parsing, normalization, and indexing optimization for diverse log sources.
  • Develop, tune, and maintain correlation searches, detections, dashboards, and alerts to support SOC operations.
  • Integrate Splunk with HRSA cybersecurity tools including EDR, vulnerability management, SOAR, cloud platforms, and threat intelligence feeds.
  • Monitor SIEM performance including ingestion rates, indexing efficiency, search latency, and storage utilization.
  • Optimize searches, data models, accelerated reports, and summary indexing to improve performance.
  • Develop and maintain Splunk apps, add-ons, and custom knowledge objects.
  • Support users and stakeholders by providing ad hoc searches, reports, and dashboards.
  • Implement SIEM changes following HRSA change management procedures with documented implementation and rollback plans.
  • Patch, upgrade, and maintain Splunk infrastructure in accordance with HHS and HRSA standards.
  • Develop and maintain SIEM SOPs, workflows, architecture diagrams, and technical documentation.
  • Support audits and assessments by producing logging evidence, compliance dashboards, and audit-ready reports.
  • Maintain SLA of responding to SIEM-related service requests within two (2) business days.

Job Location

Rockville, Maryland, 20850, United States