Splunk Enterprise Security Lead
Core4ce is seeking a highly skilled Enterprise Security Splunk Lead to support a Defense Health Agency (DHA) program delivering mission-critical cybersecurity, observability, and enterprise logging capabilities across a globally distributed healthcare environment. This role will lead the design, implementation, and sustainment of Splunk Enterprise Security (ES) and associated SIEM capabilities, enabling real-time threat detection, incident response, and compliance within a DoD RMF-aligned, Zero Trust architecture. The ideal candidate brings deep technical expertise, leadership experience, and the ability to operate within a Scaled Agile (SAFe) delivery model, supporting both operational and strategic cybersecurity outcomes.
Key Responsibilities:
Technical Leadership & Architecture
Lead the architecture, engineering, and optimization of Splunk Enterprise and Splunk ES in a large-scale DoD environment
Design and implement data onboarding strategies across cloud (AWS GovCloud/Azure Gov), on-prem, and hybrid systems
Develop and maintain correlation searches, risk-based alerting (RBA), dashboards, and threat detection use cases
Ensure high availability, scalability, and performance of Splunk infrastructure
Security Operations & Monitoring
Enable and enhance Security Operations Center (SOC) capabilities through advanced analytics and automation
Integrate Splunk with enterprise tools (e.g., ACAS/Tenable, Microsoft Sentinel, endpoint security platforms, cloud logs)
Support incident detection, triage, and response workflows, including SOAR integrations where applicable
Develop actionable insights to support continuous monitoring (ConMon) and cyber readiness
Compliance & RMF Alignment
Align Splunk implementations with DoD RMF controls, STIG requirements, and eMASS documentation
Support audit readiness, including log retention, traceability, and reporting requirements
Contribute to ATO and cATO strategies, leveraging reusable security artifacts
Program & Agile Execution
Lead a team of Splunk engineers and analysts within a SAFe Agile framework (PI planning, backlog refinement, demos)
Translate mission and stakeholder needs into features, user stories, and technical tasks
Provide capacity planning, performance metrics, and reporting aligned to Government oversight expectations
Stakeholder Engagement
Interface with DHA leadership, cybersecurity teams, and mission partners
Provide briefings, dashboards, and executive-level reporting on security posture and operational metrics
Collaborate across programs (e.g., DCOPS, JOMIS, ESS Next) to ensure enterprise integration and standardization
*This position is designed to be flexible, with responsibilities evolving to meet business needs and enable individual growth.
Required Qualifications:
Active Secret clearance (Top Secret preferred)
8+ years of experience in cybersecurity, SIEM engineering, or enterprise logging
3+ years of hands-on experience with Splunk Enterprise and Splunk ES
Strong experience with:
Splunk data onboarding, parsing, indexing, and search optimization
Correlation searches, notable events, and ES frameworks
Distributed Splunk architectures (indexers, search heads, forwarders)
Experience in DoD environments supporting RMF, STIGs, and continuous monitoring
Familiarity with cloud platforms (AWS GovCloud, Azure Gov) and hybrid architectures
Experience integrating with security tools (e.g., Tenable/ACAS, EDR, identity systems)
Strong leadership, communication, and stakeholder engagement skills
Preferred Qualifications:
Splunk certifications (e.g., Splunk Enterprise Security Certified Admin, Architect)
Experience with Splunk SOAR (Phantom) or automation frameworks
Familiarity with Zero Trust architectures and OMB/DOD cybersecurity guidance
Experience supporting health IT systems (DHA, MHS, or similar environments)
Knowledge of DevSecOps pipelines and CI/CD integration with Splunk
Experience with SAFe Agile or ITIL-based service management
Why Work for Us?
Core4ce is a team of innovators, self-starters, and critical thinkersâdriven by a shared mission to strengthen national security and advance warfighting outcomes.
We offer:
401(k) with 100% company match on the first 6% deferred, with immediate vesting
Comprehensive medical, dental, and vision coverageâemployee portion paid 100% by Core4ce
Unlimited access to training and certifications, with no pre-set cap on eligible professional development
Tuition assistance for job-related degrees and courses
Paid parental leave, PTO that grows with tenure, and generous holiday schedules
Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.
Join us to build a career that mattersâsupported by a company that invests in you.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.
Apply Now
Key Responsibilities:
Technical Leadership & Architecture
Lead the architecture, engineering, and optimization of Splunk Enterprise and Splunk ES in a large-scale DoD environment
Design and implement data onboarding strategies across cloud (AWS GovCloud/Azure Gov), on-prem, and hybrid systems
Develop and maintain correlation searches, risk-based alerting (RBA), dashboards, and threat detection use cases
Ensure high availability, scalability, and performance of Splunk infrastructure
Security Operations & Monitoring
Enable and enhance Security Operations Center (SOC) capabilities through advanced analytics and automation
Integrate Splunk with enterprise tools (e.g., ACAS/Tenable, Microsoft Sentinel, endpoint security platforms, cloud logs)
Support incident detection, triage, and response workflows, including SOAR integrations where applicable
Develop actionable insights to support continuous monitoring (ConMon) and cyber readiness
Compliance & RMF Alignment
Align Splunk implementations with DoD RMF controls, STIG requirements, and eMASS documentation
Support audit readiness, including log retention, traceability, and reporting requirements
Contribute to ATO and cATO strategies, leveraging reusable security artifacts
Program & Agile Execution
Lead a team of Splunk engineers and analysts within a SAFe Agile framework (PI planning, backlog refinement, demos)
Translate mission and stakeholder needs into features, user stories, and technical tasks
Provide capacity planning, performance metrics, and reporting aligned to Government oversight expectations
Stakeholder Engagement
Interface with DHA leadership, cybersecurity teams, and mission partners
Provide briefings, dashboards, and executive-level reporting on security posture and operational metrics
Collaborate across programs (e.g., DCOPS, JOMIS, ESS Next) to ensure enterprise integration and standardization
*This position is designed to be flexible, with responsibilities evolving to meet business needs and enable individual growth.
Required Qualifications:
Active Secret clearance (Top Secret preferred)
8+ years of experience in cybersecurity, SIEM engineering, or enterprise logging
3+ years of hands-on experience with Splunk Enterprise and Splunk ES
Strong experience with:
Splunk data onboarding, parsing, indexing, and search optimization
Correlation searches, notable events, and ES frameworks
Distributed Splunk architectures (indexers, search heads, forwarders)
Experience in DoD environments supporting RMF, STIGs, and continuous monitoring
Familiarity with cloud platforms (AWS GovCloud, Azure Gov) and hybrid architectures
Experience integrating with security tools (e.g., Tenable/ACAS, EDR, identity systems)
Strong leadership, communication, and stakeholder engagement skills
Preferred Qualifications:
Splunk certifications (e.g., Splunk Enterprise Security Certified Admin, Architect)
Experience with Splunk SOAR (Phantom) or automation frameworks
Familiarity with Zero Trust architectures and OMB/DOD cybersecurity guidance
Experience supporting health IT systems (DHA, MHS, or similar environments)
Knowledge of DevSecOps pipelines and CI/CD integration with Splunk
Experience with SAFe Agile or ITIL-based service management
Why Work for Us?
Core4ce is a team of innovators, self-starters, and critical thinkersâdriven by a shared mission to strengthen national security and advance warfighting outcomes.
We offer:
401(k) with 100% company match on the first 6% deferred, with immediate vesting
Comprehensive medical, dental, and vision coverageâemployee portion paid 100% by Core4ce
Unlimited access to training and certifications, with no pre-set cap on eligible professional development
Tuition assistance for job-related degrees and courses
Paid parental leave, PTO that grows with tenure, and generous holiday schedules
Got a big idea? At Core4ce, The Forge gives every employee the chance to propose bold innovations and help bring them to life with internal backing.
Join us to build a career that mattersâsupported by a company that invests in you.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy), national origin, disability, veteran status, age, genetic information, or other legally protected status.
Apply Now