
4229 Senior Cybersecurity Specialist

Company: Procession Systems
Posted 2 months ago
Clearance Level: Secret
Job Category: IT - Security
Location: Washington, DC (On-Site/Office)

OVERVIEW:

The DI&I Analyst (Mid) provides operational and engineering support for Treasury's enterprise Splunk environment under TESIEMS. This role focuses on administering Splunk, onboarding new data sources, ensuring data quality and normalization, and maintaining continuous visibility across enterprise systems. The analyst plays a key role in enabling Treasury's SOC teams to detect, analyze, and respond to cybersecurity threats by ensuring critical data is ingested, structured, and available for security operations and compliance reporting.

GENERAL DUTIES:
  • Perform day-to-day administration of Splunk, including monitoring system health, managing indexes, and troubleshooting ingestion or search performance issues.
  • Support Splunk operations in hybrid environments (on-prem servers, AWS compute/storage, Linux VMs).
  • Apply patches, upgrades, and configurations to maintain stability and compliance of Splunk infrastructure.
  • Onboard new data sources into Splunk using syslog, HTTP Event Collector (HEC), JSON feeds, and APIs.
  • Normalize and validate ingested data to ensure alignment with Splunk Common Information Model (CIM) and SOC use cases.
  • Collaborate with system owners, engineers, and SOC analysts to configure log forwarding and resolve onboarding issues.
  • Develop and maintain ingestion pipelines that support large-scale Treasury SOC operations.
  • Tune parsing, field extractions, and sourcetypes for optimal indexing and search performance.
  • Document and maintain data onboarding procedures, schemas, and configuration standards.
  • Ensure Splunk onboarding and data retention configurations align with Treasury's security and compliance requirements (NIST RMF, FISMA, CCRI).
  • Generate audit-ready intake documentation and data validation reports for compliance reviews.
  • Work with compliance and CD&M teams to ensure Splunk data supports continuous monitoring and reporting mandates.
  • Provide Tier II/III Splunk intake and admin support, escalating complex issues to senior Splunk engineers as required.
  • Partner with SOC analysts and CD&M engineers to ensure onboarded data supports detection, dashboards, and reporting needs.
  • Contribute to DI&I process improvement initiatives to streamline intake and optimize operational workflows.
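To make the onboarding and normalization duties above concrete, here is an added Python example (not code from the posting, from Treasury, or from TESIEMS) that maps constructed JSON login events to a subset of Splunk CIM Authentication data model fields, flags events that are missing required fields, and packages the valid ones as an HTTP Event Collector (HEC) batch. The vendor field names in FIELD_MAP, the index name, the sourcetype, the host and the sample events are assumptions made for the illustration; only the HEC event envelope keys (time, host, source, sourcetype, index, event) and the CIM field names are real.

```python
"""Added example: normalize constructed JSON login events to Splunk CIM
Authentication fields, validate them, and build an HEC event batch.
Not code from the job posting; FIELD_MAP, the index, sourcetype, host and
sample events are assumptions for illustration."""
import json
import time
from datetime import datetime

# Subset of the CIM Authentication data model fields most SOC detections
# key on; the full data model defines more (e.g. src_user, signature).
CIM_REQUIRED = ("action", "app", "src", "dest", "user")

# Hypothetical vendor field names -> CIM field names.
FIELD_MAP = {
    "result": "action",
    "application": "app",
    "client_ip": "src",
    "server": "dest",
    "username": "user",
}

# CIM expects action to be "success" or "failure"; vendors say all sorts.
ACTION_MAP = {"ok": "success", "denied": "failure", "failed": "failure"}


def normalize(raw: dict) -> dict:
    """Rename fields to CIM names and normalize the action value."""
    event = {FIELD_MAP.get(k, k): v for k, v in raw.items()}
    if "action" in event:
        event["action"] = ACTION_MAP.get(str(event["action"]).lower(), "unknown")
    return event


def validate(event: dict) -> list:
    """Return the required CIM fields that are missing or empty."""
    return [f for f in CIM_REQUIRED if not event.get(f)]


def parse_time(raw: dict) -> float:
    """Epoch seconds from the source's ISO-8601 timestamp, else ingest time.
    Sending an explicit 'time' avoids Splunk defaulting to index time."""
    ts = raw.get("timestamp")
    if ts:
        return datetime.fromisoformat(ts.replace("Z", "+00:00")).timestamp()
    return time.time()


def build_hec_batch(raw_events, index="treasury_auth",
                    sourcetype="vendor:auth:json", host="authsvc01"):
    """Build a newline-delimited JSON body for /services/collector/event
    plus a validation report. Events failing validation are left out of the
    batch so the gap is visible at intake rather than becoming silent
    missing fields in CIM searches."""
    lines, report = [], []
    for raw in raw_events:
        event = normalize(raw)
        missing = validate(event)
        if missing:
            report.append({"user": event.get("user"), "missing": missing})
            continue
        lines.append(json.dumps({
            "time": parse_time(raw),
            "host": host,
            "source": "example",
            "sourcetype": sourcetype,
            "index": index,
            "event": event,
        }))
    return "\n".join(lines), report


# Constructed sample events (not real logs).
SAMPLE = [
    {"timestamp": "2024-03-01T12:00:00Z", "result": "OK", "application": "vpn",
     "client_ip": "10.1.2.3", "server": "vpn-gw1", "username": "alice"},
    {"timestamp": "2024-03-01T12:00:05Z", "result": "denied", "application": "vpn",
     "client_ip": "10.1.2.4", "server": "vpn-gw1", "username": "bob"},
    {"timestamp": "2024-03-01T12:00:09Z", "result": "failed", "application": "vpn",
     "client_ip": "", "server": "vpn-gw1", "username": "carol"},  # src is empty
]

if __name__ == "__main__":
    batch, report = build_hec_batch(SAMPLE)
    print(batch)
    print("validation report:", report)
```

The batch body is what you would POST to `https://<hec-host>:8088/services/collector/event` with an `Authorization: Splunk <token>` header; the validation report is the kind of artifact the data-quality bullets above ask for, since a CIM-tagged event with an empty src silently drops out of most Authentication data model searches.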


REQUIRED QUALIFICATIONS:
  • Bachelor's degree from an accredited institution in Cybersecurity, Computer Science, Information Systems, or a related discipline applicable to the position.
  • Seven (7) years of experience; three additional years of experience may substitute for the degree.
  • Deep technical knowledge and proficiency in cybersecurity principles and practices.
  • Ability to solve complex and ambiguous technical issues.
  • Ability to collaborate with internal cybersecurity experts; strong analytical and critical thinking skills; understanding of how changes affect end products or solutions.
  • Broad technical understanding of related cybersecurity specialty areas. Ability to develop and implement technical solutions independently.
  • Familiarity with incident detection, response, and security event management.
  • Proficiency in tools such as SIEMs (e.g., Splunk), IDS/IPS, endpoint detection, and scripting languages.
  • Familiarity with NIST SP 800-53, FISMA, and risk management frameworks.
  • Experience with scripting (e.g., Python, Bash) and log data analysis.
  • Relevant certifications, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or CompTIA Cybersecurity Analyst (CySA+), are highly desirable.
  • Splunk Administration: Experience with Splunk Enterprise administration, including indexes, user management, and system performance.
  • Splunk Data Onboarding: Hands-on experience onboarding data sources using syslog, HEC, JSON, APIs, and other ingestion methods.
  • Splunk CIM: Strong understanding of the Splunk Common Information Model and ability to normalize data to CIM standards.
  • Infrastructure Knowledge: Familiarity with on-prem servers, AWS compute/storage, virtual machines, and Linux environments.
  • Data Quality: Ability to validate, troubleshoot, and normalize log data for operational and compliance use.
  • Scripting & Automation: Working knowledge of Python, Bash, or PowerShell for ingestion testing and automation tasks.
  • Security & Compliance Alignment: Understanding of NIST SP 800-53, FISMA, FedRAMP, DISA STIGs, and their application in SOC environments.
  • Collaboration: Strong communication skills for working with SOC teams, CD&M engineers, and system stakeholders.


CLEARANCE:
  • Secret minimum
About Us
At Procession Systems we work on identifying top talent across various markets. We work with some of the world’s leading government contractors, ranging in size, taking on some of the biggest challenges in the defense, civilian, and Intelligence markets. Not only do we identify top talent in this space for our clients, but a well cared for candidate experience is our priority. At Procession Systems we are dedicated to your needs and here to serve you as you advance in your career!