Key Facts

Remote From:

District of Columbia (USA) , Washington (USA)

Full time

Senior (5-10 years)

English

Hard Skills

Insider Threat Splunk Enterprise Security Incident Response Test Automation Advanced Security Analytics Splunk Development Threat Detection Databricks Antivirus Software Triage Data Loss Prevention Anomaly Detection Database Activity Monitoring Behavioral Analytics Endpoint Management Digital Forensics Executive Conversations Cross-Functional Collaboration Stakeholder Communications

Other Skills

•
Analytical Skills
•
Verbal Communication Skills

Job description

Description

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

Dragonfli Group is seeking a Senior Security Engineer with deep Splunk content engineering expertise and a proven track record in insider risk detection. This is a detection-engineering-forward role requiring hands-on SPL development, alert fidelity improvement, and operational investigation support across a complex enterprise toolset including Splunk Enterprise Security, UEBA, CrowdStrike Falcon, Microsoft Purview/Defender/Entra, DLP, and Databricks.

This is a multi-year contract position supporting a large U.S. federal agency. Candidates with prior federal contracting experience are preferred. U.S. Citizenship required. All work must be performed within the continental United States.

Primary Responsibilities:

Detection Engineering and Content Development

Design, build, and maintain insider risk detection use cases and monitoring workflows with a primary focus on Splunk Enterprise Security, UEBA, and SPL content engineering
Write, optimize, and operationalize Splunk searches, correlation rules, dashboards, and alerts to improve fidelity and reduce false positives
Develop and refine detection use cases targeting anomalous user behavior, data exfiltration, policy violations, and suspicious endpoint activity
Investigate alert and case trends to identify opportunities for rule tuning, use case expansion, and operational maturity improvement

Incident Response and Investigation

Support incident triage, investigation, and response related to insider risk, suspicious user behavior, and potential data misuse
Perform CrowdStrike Falcon alert review, tuning, and incident response support including false positive identification and credible threat escalation
Lead and assist in investigations involving potential insider threats, intellectual property matters, fraud, and high-stakes security incidents

Program and Tool Maturation

Develop and maintain playbooks and response workflows for insider risk scenarios
Administer and optimize the insider risk toolset: Splunk ES, UEBA, CrowdStrike, Microsoft Purview/Defender/Entra, DLP, and adjacent technologies
Analyze current tool utilization and recommend enhancements to improve detection visibility, investigation efficiency, and operational coverage
Support continuous improvement across Splunk, CrowdStrike, Microsoft, DLP, Databricks, and SOAR platforms
Implement federal government and industry standards related to insider threat programs and maintain programmatic gap analyses

Stakeholder Coordination

Partner with security operations, insider risk, cyber defense, and business stakeholders to improve detection coverage and response posture
Coordinate with technology and business leaders to develop programmatic solutions and deliver executive-level presentations on findings and program status

Requirements

Must-Have Qualifications:

7+ years of experience in cybersecurity, security operations, threat detection, insider risk, or incident response
3-5+ years of hands-on Splunk experience including Splunk Enterprise Security, UEBA, content development, alerting, and dashboarding
Demonstrated experience writing and optimizing Splunk Search Processing Language (SPL)
Experience with CrowdStrike Falcon including alert triage, incident response support, detection tuning, and false positive reduction
2+ years of investigation experience involving insider risk, security incidents, technical investigations, intellectual property matters, fraud, or related areas
Experience developing and improving detection use cases, playbooks, and operational workflows
Experience working in a heavily regulated environment (federal or financial sector preferred)
Strong analytical, communication, and stakeholder coordination skills
U.S. Citizenship required

Preferred Qualifications:

Experience with DLP, Microsoft Purview, or other insider risk and data protection technologies
Experience with SOAR workflows and security automation
Familiarity with machine learning concepts applied to insider risk or anomaly detection
Experience with endpoint, user behavior, and data activity monitoring in enterprise environments
Exposure to Databricks for security analytics, data investigation, or large-scale data analysis use cases
Experience in digital forensics and incident response (DFIR)
Prior experience supporting large U.S. federal agency contracts
BS/BA in a cybersecurity-related field (direct experience or professional certifications may substitute)
Relevant certifications: Splunk Core Certified Power User, Splunk Enterprise Security Certified Admin, GCIA, GCIH, GCFE, CISSP, or equivalent

Skill(s)

Splunk ES / SPL / UEBA: Content engineering, alerting, dashboarding, and tuning
Insider Risk Detection: Use case development, playbook creation, investigation support
CrowdStrike Falcon: Alert triage, detection tuning, incident response
Microsoft Security Stack: Purview, Defender, Entra
DLP and Data Protection Technologies
Analytical and Communication Skills: Executive-level reporting, cross-functional coordination
Regulated Environment Experience: Federal or financial sector standards and compliance