Splunk Engineer

5ironCyber Active Cyber Defense solutions provide comprehensive detection and response, 24x7x365. We actively respond to events as they occur, requiring less bandwidth from our clients and taking the action needed to eliminate the threat before it causes disruption to client business or data. This approach enabled 5ironCyber to be named to the 2022 and 2023 Inc. 5000 list of fastest-growing private companies in the US.

5ironCyber redefines industry expectations by taking an active role in the protection of our clients. Delivering 24x7x365 “eyes on” cybersecurity defense solutions effectively minimizes cyber risk inside client organizations. Our active cyber defense solutions leverage years of information security experience to protect critical network infrastructure from the growing number of cyber threats.

At 5ironCyber, our goal is more than notification — our goal is remediation and resolution. In support of that mission, the Splunk Engineer will perform the following duties:
  • Splunk Enterprise:
    • Manage and maintain Splunk infrastructure, including indexers, search heads, and forwarders.
    • Perform regular server health checks and troubleshooting.
    • Implement backups and disaster recovery plans.
    • Upgrade Splunk software and apps to stay on supported versions and current with security patches.
    • Onboard new log sources efficiently and accurately, ensuring data quality and integrity.
    • Normalize onboarded data to the Splunk Common Information Model (CIM) and keep it compliant, so that data models and Enterprise Security correlation searches work consistently across sources.
  • Splunk Enterprise Security:
    • Design and implement security content, including rules, correlations, and dashboards.
    • Conduct threat hunting and incident investigation using Splunk UBA and Enterprise Security features.
    • Analyze alerts and security events to identify potential threats and vulnerabilities.
    • Collaborate with the security team to investigate and respond to security incidents.
    • Develop playbooks and incident response procedures.
  • Splunk UBA:
    • Configure and manage UBA for user and entity behavior analytics (UEBA).
    • Create and customize UBA detection rules and models.
    • Identify and investigate anomalous user activity.

Qualifications:

  • 4-7 years of experience in IT security with a focus on SIEM and log management.
  • Strong expertise in Splunk Enterprise, Splunk Enterprise Security, or Splunk UBA.
  • Excellent understanding of security concepts, threats, and vulnerabilities.
  • Experience with threat hunting, incident investigation, and incident response.
  • Proven ability to analyze security logs and identify potential threats.
  • Excellent analytical and problem-solving skills.
  • Strong communication and collaboration skills.
  • Ability to work independently and as part of a team.
  • Bachelor's degree in computer science, information security, or a related field preferred.
  • Splunk certifications (e.g., Splunk Certified Admin, Splunk Certified Architect) a plus.

Benefits:

  • Company-paid health, dental and vision insurance plan option for the employee.
  • Up to a 4% 401(k) company match that vests immediately; it’s yours to keep.
  • Generous paid time off and 10 holidays per year.
  • Paid time off to vote and volunteer.
  • Paid time off on your birthday because it’s your special day.
  • Up to $100 per month for your internet and cell phone service.
  • Team building events.
  • Showing 5ironCyber’s commitment to win together, all employees received a 10% bonus in 2023.

Additional Information:

  • All candidates will be required to complete an extensive background check, credit check, and drug screen prior to employment.
  • This is an on-site position based in Franklin, TN or Raleigh, NC.