Splunk Analyst

Location: RockVille, MD (Hybrid 3 days Onsite)

Skysoft Inc, is seeking an information security Sr. Splunk analyst who will be a key member of a consulting team providing advice, support and reporting to federal agencies, in the Incident Response & Risk Management areas of Information Security.

This role will be primarily responsible for but not limited to conducting incident handling tasks during different phases of Computer Security Incident Response (CSIR), engineering, implementing, and optimizing Splunk capabilities that support enterprise-wide cybersecurity monitoring, detection, automation and incident response.

The incumbent must be able to design custom dashboards based on defined requirements, support incident response and root cause analysis, and develop automation and integrations with Data Loss Prevention (DLP), ServiceNow events and other enterprise systems. This role directly contributes to the agency’s cybersecurity mission, ensuring visibility, resilience, and rapid response to threats.

Key Responsibilities

• Monitor and analyze security events and alerts from multiple sources, including security information and event management Security Information & Event Management (SIEM) software, network and host-based intrusion detection systems, firewall logs, and system logs (Windows, Linux, and Unix), and databases
• Design, develop, and maintain custom Splunk dashboards aligned with SOC and stakeholder requirements

· Design and implement automation workflows, integrating Splunk with ServiceNow for incident management and response

• Support and employ approved defense-in-depth principles and practices (e.g., defense-in-multiple places, layered defenses, security robustness).

· Develop and optimize SPL queries, correlation searches, and detection use cases within Splunk Enterprise Security (ES)

· Support incident response activities, including log analysis, event correlation, and forensic investigation

• Separate true threats from false positives using network and log analysis and escalate possible intrusions and attacks

· Conduct root cause analysis (RCA) and produce technical reports and after-action documentation

· Develop integrations using APIs, scripting (Python/PowerShell), and webhooks across security and IT systems

· Ensure compliance with federal cybersecurity frameworks such as NIST SP 800-53, NIST 800-61, and CISA CDM

· Optimize Splunk performance, data ingestion, and system scalability

· Provide technical leadership and mentorship to SOC analysts and junior engineers

• Work within a team of diverse individuals and cross-functional teams to solve unique and complex problems with broad impact for client services and business.
• Provide clear, daily updates to management on security incidents; Investigate, document, and report on forensic investigations
• Provide daily updates to management concerning assigned or progressive security projects.

•