Description
Description
SAIC is seeking qualified applicants to support a cutting-edge data, analytics, and AI platform. The Continuous Monitoring Team Lead (Splunk) is a critical SME role working across Splunk, ServiceNow, and supporting security platform technologies to build analytic maturity and integrations with SOAR, UEBA, and Zero Trust Architecture. Mature analytics and normalized data will support 10+ cyber teams who are also working with other task areas that handle customer relationships, service portfolio and catalog management, software engineering & development, data/AI engineering, IT systems operations, and use case intake and analytics for DoW enterprise-scale mission objectives expected in Spring/Summer 2026.
Positions are contingent pending contract award.
The work will be performed in the Alexandria, Virginia. Some work may be performed remotely, subject to Government approval.
Job Responsibilities:
-
Lead the Continuous Monitoring Team in designing, building, and maturing enterprise cybersecurity analytics across Splunk, supporting continuous monitoring objectives across all CSP/security enclaves.
-
Architect and develop advanced Splunk use cases, dashboards, and custom applications to enable proactive detection, visibility, and decision support for 10+ cyber teams.
-
Design and implement data normalization strategies, including field extractions, CIM alignment, and data model optimization to improve analytic fidelity and reuse.
-
Integrate Splunk with ServiceNow, SOAR platforms, UEBA capabilities, and Zero Trust Architecture to enable automated workflows and enriched operational context.
-
Identify and close visibility gaps by engineering new analytics, correlations, and data onboarding strategies to enhance enterprise monitoring coverage.
-
Collaborate with data/AI engineering teams to incorporate AI/ML-driven analytics, automation, and intelligent alerting into Splunk-based monitoring solutions.
-
Evaluate and optimize data quality, ingestion pipelines, and telemetry sources to ensure high-confidence analytics and reduced false positives.
-
Develop reusable analytic content and patterns based on threat intelligence, lessons learned, and evolving mission requirements, enabling other teams to scale detection and monitoring capabilities.
Qualifications
Bachelors & 14+ years of related experience, Masters & 12+ years of experience, or PhD or JD & 9+ years of experience.
Active TS/SCI Clearance
Knowledge, Skills, Abilities, and Competencies:
Deep expertise in Splunk architecture, including experience manipulating the functionality of Splunk roles and clustering architectures. Splunk Enterprise Security certification preferred. Splunk Architect, Consultant, or Defense Engineer certification preferred. Splunk Admins with well-defined Splunk App Building experience will be considered. At least a Splunk Administrator certification is required, with growth expectation of achieving Splunk Architect in 12 months or less.
Demonstrated ability to build and deploy custom Splunk apps, preferably including development with AI agents in controlled environments and promotion to production.
Strong proficiency in data normalization, including field extraction, CIM compliance, and extensive use of Splunk data models for scalable analytics.
Advanced understanding of how data quality impacts analytics, CMDB alignment, AI/ML effectiveness, incident noise reduction, and Zero Trust implementations.
Experience integrating Splunk with enterprise platforms such as ServiceNow, Splunk SOAR, and Splunk UEBA, and ServiceNow to support automation and operational workflows.
Ability to design and deliver analytic outputs and reporting that provide actionable insights into system performance, vulnerabilities, and cybersecurity posture.
Relevant DoD 8140 (or 8570 equivalent) certification required; advanced certifications (e.g., CISSP, CCSP) and exposure to AI/ML or data engineering concepts preferred.
Apply on company website
Find Connections via Linkedin
