Lead Security Engineer II, Splunk Security Content Visualization Expert (Secret Clearance)
Job Description
A Lead Security Engineer II on Deloitte's Government & Public Services team specializes in Splunk security content visualization, dashboards, and SOC operations, with an active Secret Clearance and onsite work in Arlington, VA.
Responsibilities
- Design and tailor Splunk dashboards, apps, alerts, and visualizations to raise SOC performance and maturity.
- Develop advanced reporting and visualizations to support SOC workflows and stakeholder requirements.
- Build, test, document, implement, and tune security content across the full lifecycle, including data models, dashboards, correlation logic, searches, and alert notifications.
- Execute sophisticated searches and analysis in large-scale SIEM environments.
- Analyze, trend, and filter security log data from multiple sources such as firewalls, IDS/IPS, hosts, load balancers, and other security tools.
- Develop and refine custom SPL using macros, lookups, regex, and network-based logic.
- Support SOP development, updates, implementation, and training.
- Mentor junior and mid-level analysts on SOC processes, content development, and detection practices.
- Identify indicators of compromise and network traffic cues to detect anomalous activity, including lateral movement.
- Support enterprise logging use cases across application, operating system, and security device logs.
Requirements
- Bachelor's Degree required.
- Active Secret Clearance required.
- Ability to work onsite in Herndon, VA up to 3 days a week.
- 3+ years of experience designing and configuring SIEM applications, dashboards, and visualizations for medium-to-large SOC environments.
- 3+ years developing advanced reporting, searches, alerts, and dashboards in Splunk or similar enterprise SIEM platforms.
- 3+ years analyzing high volumes of security log data from diverse enterprise security technologies.
- Experience optimizing SIEM security content and implementing SOC processes and SOPs.
- Experience mentoring junior and mid-level analysts.
- Experience with enterprise logging solutions, regex, custom log parsing, and network security tools.
- Travel up to 15 percent, based on client needs and engagements.
- Must be legally authorized to work in the United States without the need for employer sponsorship, now or in the future.
- Certifications: CISSP, GCIH, GCFA, GPEN, GWAPT, GCIA, or equivalent.
Technologies
- Splunk
- SPL
- regex
Compensation
- Salary range: USD 137,700 - 229,500 per year.
- Onsite work location: Arlington, VA.
- Travel: up to 15% expected.
Benefits
- Discretionary annual incentive program.
- Competitive benefits package for project delivery focused professionals.
The Team
- Deloitte's Government & Public Services GPS practice supports federal, state, and local government clients as well as public higher education institutions, delivering impact through people, ideas, technology, and outcomes.
- The Cyber Defense & Resilience offering helps defend against advanced threats by transforming security operations, monitoring technology, data analytics, and threat intelligence, with rapid crisis and cyber incident response capabilities.
- The Project Delivery Talent Model focuses on delivering client services with work tied to specific projects, providing a benefits package competitive for project delivery professionals.