Lead Cyber Risk Manager (Splunk Engineer)

Lead Cyber Risk Manager (Splunk Engineer)

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we are committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.

The Cybersecurity Risk Management Department (R311) within the Global Security Services Division (R300) is looking to fill a Lead Cyber Risk Manager (Splunk Engineer), with a focus on classified environments. The selected candidate will support multiple sponsors by providing technical support and engineering for a computing system's technical posture operating in an isolated enclave consisting of high-performance computer environments as well as celestial and terrestrial labs.

The ideal candidate will thrive in a fast-paced, collaborative environment, working with cutting-edge technology and contributing to advanced security concepts in classified settings. We seek a proactive individual to lead efforts in integrating security into large engineering projects and acquisition initiatives.

Success in this role requires expertise in a wide range of cybersecurity topics, including strategy, planning, policies, procedures, governance, management, protection, detection, mitigation, and cyber and military operations. Strong verbal and written communication skills are essential for presenting findings, making actionable recommendations, and sharing innovative ideas with Senior Government Sponsors.

Roles & Responsibilities:

The selected candidate will collaborate with System Administrators and Information System Security Officers to maintain the operations of Splunk environments. The candidate will work with logs from Windows, Linux, and Cisco devices to ensure proper data ingestion into Splunk, enabling effective monitoring, troubleshooting, and the creation of actionable dashboards and alerts to support operational and security objectives. They will demonstrate strong problem-solving skills to develop appropriate mitigation strategies and ensure Splunk systems are configured and operated in compliance with Security Technical Implementation Guides (STIG) requirements. The candidate will manage Splunk user roles, permissions, authentication mechanisms, configuration files, data inputs, and forwarders. The successful candidate will be responsible for the analysis, integration, testing, operations, and maintenance of Splunk system security. They will assist during external security inspections and ensure compliance for all department Splunk environments.

Infrastructure management: Design, deploy, and maintain Splunk environments, including clusters, indexers, and forwarders, ensuring high availability, scalability, and performance.

Data onboarding: Identify and integrate new data sources into Splunk, creating and managing data inputs, indexes, and source types.

Data analysis and reporting: Develop custom dashboards, reports, and alerts using SPL to visualize trends and provide actionable insights.

Troubleshooting and optimization: Monitor the health of the Splunk environment, troubleshoot issues, and optimize search performance and data retention policies.

User support and collaboration: Work with end-users to gather requirements, assist with searches, and provide training on Splunk usage and best practices. Collaborate with IT, security, and other teams to meet business needs.

Security: Ensure the security of the Splunk environment, which can include managing security updates, patching vulnerabilities, and using Splunk for security event monitoring and incident response.

Design and develop Splunk dashboards and alerts that align with NIST 800-53 audit requirements to ensure compliance with federal security standards and provide actionable insights for monitoring and reporting.

Basic Qualifications:

Typically requires a minimum of 8 years of related experience with a Bachelor's degree; or 6 years and a Master's degree; or a PhD with 3 years' experience; or equivalent combination of related education and work experience.

Deep understanding of Splunk architecture, administration, and management.

Proficiency in scripting languages like Python, Bash, or PowerShell is required for automation and advanced tasks related to Splunk.

Strong analytical and problem-solving skills to troubleshoot complex issues in large scale distributed systems.

Hands-on experience with large-scale enterprise Splunk environments.

Knowledge of classified infrastructure and the A&A process.

Ability to communicate complex technical concepts clearly to both technical and non-technical audiences.

Must meet DoD 8570.01M IAM Level III requirements.

Active Top Secret clearance with SCI eligibility. Ability to obtain and maintain a Counterintelligence Polygraph (CI Poly).

Per the U.S. Government's eligibility requirements, you must be a U.S Citizen to be considered for a security clearance.

This position has an on-site requirement of 5 days a week on-site.

Preferred Qualifications:

Experience in SPL, data onboarding, and creating visualizations.

Knowledge of emerging IT and cybersecurity technologies.

Proven ability to advise senior leadership on risk levels, security posture, and policy changes.

Previous experience operating as a SCI/SAP ISSO, ISSE, System Administrator, or ISSM.

Strong analytical and problem-solving skills, with the ability to develop innovative solutions.

Experience mentoring junior staff and fostering a collaborative team environment.

Familiarity with insider threat programs and strategies for mitigating insider risks.

Salary compensation range and midpoint: $158,800 - $198,500 - $238,200 Annual

Work Location Type: Onsite

Commitment to Non-Discrimination

All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, local or international law.

MITRE intends to maintain a website that is fully accessible to all individuals. If you are unable to search or apply for jobs and would like to request a reasonable accommodation for any part of MITRE's employment process, please email View email address on click.appcast.io for general support and View email address on click.appcast.io for intern positions. This service is for individuals requiring reasonable accommodation requests. Please note that vendor solicitations will not receive a reply.