Entry Level Splunk Jobs in Springfield, VA (NOW HIRING)

• Develop and refine detection techniques to identify malicious activities and security breaches.
• Analyze descriptions of IOCs and design effective searches to detect these activities in large data sets.
• Create and maintain detection content, ensuring it is up-to-date with the latest threat intelligence.
• Collaborate with threat hunters to continuously improve detection capabilities.
• Utilize advanced Splunk query skills to develop and run complex searches and analyze security data.
• Ensure the accuracy and efficiency of detection mechanisms to reduce false positives and improve response times.
• Lead the design and development of advanced threat research platforms and prototypes, focusing on automation and scalable intelligence workflows.
• Architect and code solutions for collecting, processing, and analyzing diverse threat data sources, including telemetry, commercial feeds, and OSINT.
• Conduct in-depth research on emerging threat actors, tactics, techniques, and procedures (TTPs), including dark net intelligence gathering, and produce actionable reports for stakeholders.
• Engineer and automate the intelligence cycle, continuously improving processes for detection, alerting, and incident enrichment using SIEM, SOAR, and EDR technologies.

Requirements:

• Proven experience as a Detection Engineer, with a strong emphasis on detection engineering as a primary job function.
• Proven emulation history, replicating existing attack chains in code
• Breach and attack simulation (BAS) experience for implementing attack chains
• In-depth knowledge of threat hunting methodologies and experience working as a threat hunter.
• Expertise in Splunk, including the ability to create and optimize complex queries independently.
• SOAR / Scripting / Python experience
• Demonstrated ability to analyze and interpret various data sets to identify suspicious activities.
• Strong understanding of cyber security threats, vulnerabilities, and attack vectors.
• Ability to work independently and collaboratively within a team environment.

Preferred Qualifications:

• Certifications related to cyber security and detection engineering (e.g., GIAC Certified Detection Analyst, Splunk Certified User).
• Familiarity with other security information and event management (SIEM) tools and technologies.
• Note: This position is not an entry-level role. We require candidates with substantial experience in detection engineering, not just occasional detection creation as part of a SOC analyst role.