Splunk Developer – Cyber Security Operations Long Term Federal Contract

Splunk Developer — Cyber Security Operations

Remote (Canada) · Full-Time Contract · Through December 2027

A large Canadian institution is seeking an experienced Splunk Developer to join its Cyber Monitoring and Response team. This is a hands-on technical role focused on advancing a mature Splunk Enterprise Security environment — building integrations, engineering detection use cases, and shaping the platform's next phase of capability.

The Role

You will work alongside a dedicated SIEM team and solutions integrator to develop and implement enhancements across the Splunk environment. Your responsibilities will span the full lifecycle of the platform: onboarding new data sources through API configuration, writing and tuning security and risk-based use cases, integrating Splunk with SOAR and analytical platforms, and contributing to the design of ML-driven detection models. You will also support day-to-day operational stability, troubleshoot data flow issues, document your work thoroughly, and provide best-practice guidance to stakeholders.

What We're Looking For

• Splunk Enterprise or Enterprise Security certification
• Degree or diploma in Computer Science, Information Technology, or a related discipline
• At least five years of hands-on experience with Splunk Enterprise Security in a large-scale environment
• Proven ability to parse and onboard data, configure APIs, and build reliable integrations
• Experience developing advanced analytical use cases, including machine learning models
• Strong documentation and communication skills

Preferred

• Linux, Windows, and Syslog proficiency
• Experience with multi-vendor cyber security solution integration
• Familiarity with agile and traditional SDLC methodologies
• French language ability

Requirements

• Must be eligible for Government of Canada Secret-level security clearance, which requires a minimum of five years of Canadian residency
• Windows 11 device with Azure Virtual Desktop access and a smartphone supporting Microsoft Authenticator

This is a fully remote, 37.5-hour-per-week engagement running through the end of 2027. If this aligns with your background, I'd welcome a conversation.