Information Technology \-\> Information Technology
Remote
- •
- •
- Lead the architecture, engineering, and optimization of Splunk Enterprise and Splunk ES in a large\-scale DoD environment
- Design and implement data onboarding strategies across cloud (AWS GovCloud/Azure Gov), on\-prem, and hybrid systems
- Develop and maintain correlation searches, risk\-based alerting (RBA), dashboards, and threat detection use cases
- Ensure high availability, scalability, and performance of Splunk infrastructure
- Enable and enhance Security Operations Center (SOC) capabilities through advanced analytics and automation
- Integrate Splunk with enterprise tools (e.g., ACAS/Tenable, Microsoft Sentinel, endpoint security platforms, cloud logs)
- Support incident detection, triage, and response workflows, including SOAR integrations where applicable
- Develop actionable insights to support continuous monitoring (ConMon) and cyber readiness
- Align Splunk implementations with DoD RMF controls, STIG requirements, and eMASS documentation
- Support audit readiness, including log retention, traceability, and reporting requirements
- Contribute to ATO and cATO strategies, leveraging reusable security artifacts
- Lead a team of Splunk engineers and analysts within a SAFe Agile framework (PI planning, backlog refinement, demos)
- Translate mission and stakeholder needs into features, user stories, and technical tasks
- Provide capacity planning, performance metrics, and reporting aligned to Government oversight expectations
- Interface with DHA leadership, cybersecurity teams, and mission partners
- Provide briefings, dashboards, and executive\-level reporting on security posture and operational metrics
- Collaborate across programs (e.g., DCOPS, JOMIS, ESS Next) to ensure enterprise integration and standardization
- This position is designed to be flexible, with responsibilities evolving to meet business needs and enable individual growth.
- Active Secret clearance (Top Secret preferred)
- 8\+ years of experience in cybersecurity, SIEM engineering, or enterprise logging
- 3\+ years of hands\-on experience with Splunk Enterprise and Splunk ES
- Strong experience with:
- Experience in DoD environments supporting RMF, STIGs, and continuous monitoring
- Familiarity with cloud platforms (AWS GovCloud, Azure Gov) and hybrid architectures
- Experience integrating with security tools (e.g., Tenable/ACAS, EDR, identity systems)
- Strong leadership, communication, and stakeholder engagement skills
- Splunk certifications (e.g., Splunk Enterprise Security Certified Admin, Architect)
- Experience with Splunk SOAR (Phantom) or automation frameworks
- Familiarity with Zero Trust architectures and OMB/DOD cybersecurity guidance
- Experience supporting health IT systems (DHA, MHS, or similar environments)
- Knowledge of DevSecOps pipelines and CI/CD integration with Splunk
- Experience with SAFe Agile or ITIL\-based service management
- 401(k) with 100% company match on the first 6% deferred, with immediate vesting
- Comprehensive medical, dental, and vision coverage—employee portion paid 100% by Core4ce
- Unlimited access to training and certifications, with no pre\-set cap on eligible professional development
- Tuition assistance for job\-related degrees and courses
- Paid parental leave, PTO that grows with tenure, and generous holiday schedules
- gives every employee the chance to propose bold innovations and help bring them to life with internal backing.
ID: 1185\-383
Full\-Time/Regular
Core4ce is seeking a highly skilled Enterprise Security Splunk Lead to support a Defense Health Agency (DHA) program delivering mission\-critical cybersecurity, observability, and enterprise logging capabilities across a globally distributed healthcare environment. This role will lead the design, implementation, and sustainment of Splunk Enterprise Security (ES) and associated SIEM capabilities, enabling real\-time threat detection, incident response, and compliance within a DoD RMF\-aligned, Zero Trust architecture. The ideal candidate brings deep technical expertise, leadership experience, and the ability to operate within a Scaled Agile (SAFe) delivery model, supporting both operational and strategic cybersecurity outcomes.
Key Responsibilities:
Technical Leadership \& Architecture
Security Operations \& Monitoring
Compliance \& RMF Alignment
Program \& Agile Execution
Stakeholder Engagement
Required Qualifications:
+ Splunk data onboarding, parsing, indexing, and search optimization
+ Correlation searches, notable events, and ES frameworks
+ Distributed Splunk architectures (indexers, search heads, forwarders)
Preferred Qualifications:
Why Work for Us?
Core4ce is a team of innovators, self\-starters, and critical thinkers—driven by a shared mission to strengthen national security and advance warfighting outcomes.
We offer:
Got a big idea? At Core4ce, The Forge
Join us to build a career that matters—supported by a company that invests in you.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.