Phia is hiring a
Cybersecurity Engineer, Remote - United States

Cybersecurity Engineer closed

🏢 Phia

💵 ~$90k-$107k
📍United States

Summary

The job description is for a Cybersecurity Engineer (Splunk SME) position at phia, LLC. The role involves managing and optimizing Splunk architecture components, supporting cyber defense operations at a large Federal agency, and ensuring regulatory compliance. The position offers full remote flexibility from U.S. locations.

Requirements

  • High School + 16 years of relevant experience, or AA/AS + 14 years of relevant experience, or BA/BS + 12 years of relevant experience, or MA/MS + 10 years of relevant experience
  • Experience managing and optimizing Splunk architecture components like search heads, indexers, heavy forwarders, universal forwarders, and clusters
  • Ability to understand and configure Splunk indexing processes, including hot/warm/cold buckets and data models
  • Ability to develop regular expressions (regex) for data parsing and field extractions using props.conf and transforms.conf
  • Ability to design and implement large-scale data ingestion pipelines via APIs, syslog, and universal forwarders
  • Ability to troubleshoot and tune Splunk deployments for performance and stability, leveraging deep Linux systems knowledge
  • Experience building advanced data models and pivot interfaces for complex data analysis
  • Ability to develop and optimize SIEM content and processes, including managing correlation rules, filters, alerts, and report generation
  • Proficiency in scripting languages (e.g., Python, PowerShell) and automating tasks in a SIEM ecosystem
  • Strong understanding of networking and operating system administration fundamentals
  • U.S. citizenship required; ability to achieve Public Trust or higher

Responsibilities

  • Oversee day-to-day operations of the SIEM within the organization
  • Design, deploy, and configure cutting-edge SIEM solutions (e.g., Splunk, Microsoft/Azure Sentinel, IBM QRadar) to meet evolving security needs
  • Optimize SIEM processes to ensure efficient and effective log collection and employ event management best practices
  • Support security analysts in enabling threat identification, event detection, and information management
  • Plan, implement, and manage full data lifecycle for Splunk infrastructure (data ingestion, compression, indexing, archiving, etc.)
  • Manage correlation rules, filters, alerts, report generation, security content development and delivery, health checks, and performance tuning
  • Perform security assessments and audits, and ensure regulatory compliance
  • Leverage proficiency in networking concepts, system administration, security fundamentals, and access controls for SIEM deployment and optimization
  • Implement effective logging mechanisms and data collection methodologies to support SIEM operations
  • Utilize technical knowledge across multiple domains to configure, maintain, and enhance the SIEM solution
  • Work with the SIEM team to fine-tune components, analyze complex issues, and provide innovative solutions in the SIEM environment
  • Coordinate with SOC monitoring/detection/analysis teams and incident response teams
  • Provide mentorship and direction to junior team members

Benefits

  • Comprehensive medical insurance to include dental and vision
  • Short Term & Long-Term Disability
  • 401k Retirement Savings Plan with Company Match
  • Tuition and Professional Development Assistance
  • Flex Spending Accounts (FSA)