Remote Splunk Admin Jobs in Washington (NOW HIRING)

... primarily remote with periodic onsite support required in Chantilly, VA and Bluemont, VA. The ... Integrate ServiceNow with third-party solutions (e.g., Tanium, Splunk), configure connectors ...

API Developer Lead

Washington, DC · Remote

$135K - $160K/yr

API Developer Lead - Fully Remote (Temp‑to‑Hire) Salary: $135,000-$160,000 The VA Lighthouse ... Administer and optimize Kong Gateway (routes, services, plugins, certificates, rate limiting ...

Cloud Infrastructure Engineer

Mclean, VA · Remote

$56.25 - $75.25/hr

Administer and maintain Linux-based systems (RHEL or similar) * Support patching, updates, and ... Experience with tools such as Splunk, Nessus, or similar * Exposure to identity systems (Active ...

Cloud Infrastructure Engineer

Mclean, VA · On-site +1

$128K - $145K/yr

Administer and maintain Linux-based systems (RHEL or similar) * Support patching, updates, and ... Experience with tools such as Splunk, Nessus, or similar * Exposure to identity systems (Active ...

ServiceNow Developer

Bethesda, MD · On-site +1

$90K - $140K/yr

... remote work within the US. Requirements: Responsibilities * Develop, configure, and customize the ... Required: * ServiceNow Certified System Administrator (CSA) * ServiceNow Certified Application ...

Remote Splunk Admin information

What is the difference between Remote Splunk Admin vs Remote Security Analyst?

Aspect                   | Remote Splunk Admin                   | Remote Security Analyst
Required Credentials     | Splunk certifications, IT experience  | Security certifications (CISSP, Security+), IT background
Work Environment         | IT operations, data management teams  | Cybersecurity teams, incident response
Industry Usage           | IT, telecommunications, finance       | Finance, healthcare, government
Common Search/Comparison | Monitoring Splunk dashboards          | Analyzing security threats

Remote Splunk Admins focus on managing and maintaining Splunk environments, ensuring data is properly indexed and dashboards are operational. Remote Security Analysts concentrate on identifying and mitigating security threats, often using tools like Splunk for threat detection. While both roles require IT knowledge, Splunk Admins specialize in data management, whereas Security Analysts focus on cybersecurity. Both roles are vital in tech-driven industries and often collaborate within IT and security teams.

What is a Remote Splunk Admin?

A Remote Splunk Admin is an IT professional who manages and maintains Splunk environments from a remote location. Their responsibilities typically include installing, configuring, and upgrading Splunk software, managing user access, monitoring system performance, and ensuring data security. They also develop and troubleshoot Splunk queries, dashboards, and alerts to help organizations gain insights from machine-generated data. This role is crucial for organizations leveraging Splunk for security, monitoring, and operational intelligence, and it allows for flexible work arrangements since tasks can be performed offsite.

What are some common challenges faced by remote Splunk Admins, and how can they be addressed?

Remote Splunk Admins often encounter challenges related to managing and securing distributed data sources, maintaining system performance, and ensuring effective communication with cross-functional teams. To address these challenges, it is important to implement robust monitoring practices, automate routine tasks where possible, and use secure remote access protocols. Regularly scheduled virtual meetings and clear documentation can also help foster collaboration with security, IT, and development teams, ensuring smooth operations and quick issue resolution.

What are the key skills and qualifications needed to thrive as a Remote Splunk Admin, and why are they important?

To thrive as a Remote Splunk Admin, you need expertise in Splunk deployment, configuration, and troubleshooting, often supported by a degree in IT or computer science and Splunk certifications like Splunk Certified Admin or Architect. Familiarity with scripting languages, system administration tools, and security information and event management (SIEM) systems is typically required. Strong analytical thinking, effective communication, and the ability to work independently are vital soft skills for this role. These skills ensure reliable system performance, effective data analysis, and seamless support of organizational security and operational objectives.
Security Tools Engineer with Security Clearance

PKH Enterprises

Washington, DC • Remote

Other

Posted 3 days ago

Job description

Security Tools Engineers – Senior and Junior roles available
Location: National Capital Region (remote work, but must live in the Washington, DC area for occasional meetings)
Job Type: Full-Time
About the Role:
We are seeking highly skilled Security Tools Engineers to join our dynamic security operations team. The ideal candidate will have deep expertise in Azure security, endpoint detection, vulnerability management, and security architecture, with hands-on experience in integrating advanced security tools and automating processes. You will be responsible for securing and architecting cloud infrastructure, managing endpoint detection systems, implementing security policies, and leading new software evaluations across a complex enterprise environment.
Key Responsibilities:
1. Azure Security & Cloud Engineering:
o Design, implement, and enforce security policies for Azure subscriptions, including Defender for Cloud, identity baselines, RBAC, and logging.
o Enforce configuration standards across Azure resources at scale using Azure Policy, Blueprints, and landing zones.
o Integrate Azure Activity Logs and Defender alerts into SIEM solutions such as Splunk, ensuring comprehensive monitoring and incident response.
o Secure Azure VMs (Linux and Windows) from baseline to monitoring.
2. Endpoint Detection & Response (EDR) Management:
o Lead the deployment, monitoring, and troubleshooting of EDR solutions (CrowdStrike, SentinelOne) across the enterprise.
o Evaluate and compare CrowdStrike and SentinelOne, and recommend the best solution based on specific use cases.
o Ensure proper EDR agent deployment, validate reporting, and correlate asset data using tools like Axonius, Splunk, and Tenable.
o Troubleshoot and resolve issues where EDR agents fail to report or check in.
3. Carbon Black App Control (Bit9) Management:
o Implement and manage high-enforcement whitelisting policies using Carbon Black App Control.
o Safely onboard new applications and handle block events, determining whether to allow or deny them.
o Manage developer code signing and App Control approvals in a high-enforcement environment.
4. Splunk Configuration and Engineering:
o Configure and troubleshoot Splunk Heavy Forwarders (HF) and Deployment Servers (DS) for efficient data ingestion.
o Manage large-scale Splunk app deployments and validate log source parsing before sending data to production.
o Design and implement custom inputs and ensure optimal performance in data collection and forwarding.
5. Vulnerability Management (Tenable.io):
o Implement and manage Tenable.io vulnerability scanning solutions across a large-scale cloud environment.
o Build and assign scan templates, prioritize vulnerabilities based on risk factors (CVSS, VPR, asset criticality), and ensure remediation.
o Address issues with credential errors in vulnerability scans and improve overall vulnerability management processes.
6. New Software Evaluation & Architecture Support:
o Lead the security review process for new applications and tools, ensuring they meet security gates for permissions, data flow, logging, and compatibility with existing security tools.
o Evaluate vendor tools that require local admin privileges or service account access and ensure proper security assessments are conducted.
7. Linux Support & Hardening:
o Apply Linux hardening controls (e.g., STIG/CIS) to new VMs and automate compliance checks using tools such as Ansible, Lynis, and OpenSCAP.
o Troubleshoot and resolve performance issues on Linux systems, using appropriate diagnostic tools.
8. Scripting & Automation:
o Automate security tasks using PowerShell and Python to streamline processes, such as parsing logs, interacting with APIs (Tenable, CrowdStrike), and managing system configurations.
o Develop scripts to automate security tasks, such as vulnerability scanning, log parsing, and compliance checking.
9. Cross-Team Communication & Collaboration:
o Work closely with other teams to push back on security risks and advocate for necessary security controls in project timelines.
o Document engineering processes and security architectures for repeatability and auditability.
10. Continuous Improvement:
o Lead efforts to continuously improve security posture through research, process refinement, and tool upgrades.
o Identify blind spots or weaknesses in security and proactively implement changes to mitigate risks.
Key Skills & Qualifications:
• Experience:
o 7+ years in Cloud Security Engineering or related roles, with a focus on Azure Security.
o Hands-on experience with security solutions like CrowdStrike, SentinelOne, Carbon Black App Control, and Tenable.io.
o Expertise in Splunk (Heavy Forwarders, Deployment Server) and SIEM architecture.
o Experience with vulnerability management, including scanning, remediation, and prioritization in cloud environments.
• Technical Skills:
o Proficiency with Azure Governance, Azure Policy, and Defender for Cloud.
o Strong scripting skills in PowerShell and Python for automation.
o Experience with Linux system hardening (STIG, CIS), and automation using Ansible or similar tools.
o Solid understanding of security protocols, threat detection, and incident response.
o Proficiency with Suricata/Zeek, Zero Trust (Cloudflare), Cisco Secure Malware Analytics, and whitelisting app notification analysis.
• Soft Skills:
o Excellent communication skills, with the ability to articulate complex security issues to non-technical teams.
o Proven ability to work cross-functionally with teams to influence decision-making and enforce security policies.
o Ability to troubleshoot complex security and infrastructure issues.