Description Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments. Dragonfli Group is seeking a Senior Security Engineer with deep Splunk content engineering expertise and a proven track record in insider risk detection. This is a detection-engineering-forward role requiring hands-on SPL development, alert fidelity improvement, and operational investigation support across a complex enterprise toolset including Splunk Enterprise Security, UEBA, CrowdStrike Falcon, Microsoft Purview/Defender/Entra, DLP, and Databricks. This is a multi-year contract position supporting a large U.S. federal agency. Candidates with prior federal contracting experience are preferred. U.S. Citizenship required. All work must be performed within the continental United States. Primary Responsibilities: Detection Engineering and Content Development Design, build, and maintain insider risk detection use cases and monitoring workflows with a primary focus on Splunk Enterprise Security, UEBA, and SPL content engineering Write, optimize, and operationalize Splunk searches, correlation rules, dashboards, and alerts to improve fidelity and reduce false positives Develop and refine detection use cases targeting anomalous user behavior, data exfiltration, policy violations, and suspicious endpoint activity Investigate alert and case trends to identify opportunities for rule tuning, use case expansion, and operational maturity improvement Incident Response and Investigation Support incident triage, investigation, and response related to insider risk, suspicious user behavior, and potential data misuse Perform CrowdStrike Falcon alert review, tuning, and incident response support including false positive identification and credible threat escalation Lead and assist in investigations involving potential insider threats, intellectual property matters, fraud, and high-stakes security incidents Program and Tool Maturation Develop and maintain playbooks and response workflows for insider risk scenarios Administer and optimize the insider risk toolset: Splunk ES, UEBA, CrowdStrike, Microsoft Purview/Defender/Entra, DLP, and adjacent technologies Analyze current tool utilization and recommend enhancements to improve detection visibility, investigation efficiency, and operational coverage Support continuous improvement across Splunk, CrowdStrike, Microsoft, DLP, Databricks, and SOAR platforms Implement federal government and industry standards related to insider threat programs and maintain programmatic gap analyses Stakeholder Coordination Partner with security operations, insider risk, cyber defense, and business stakeholders to improve detection coverage and response posture Coordinate with technology and business leaders to develop programmatic solutions and deliver executive-level presentations on findings and program status Requirements Must-Have Qualifications: 7+ years of experience in cybersecurity, security operations, threat detection, insider risk, or incident response 3-5+ years of hands-on Splunk experience including Splunk Enterprise Security, UEBA, content development, alerting, and dashboarding Demonstrated experience writing and optimizing Splunk Search Processing Language (SPL) Experience with CrowdStrike Falcon including alert triage, incident response support, detection tuning, and false positive reduction 2+ years of investigation experience involving insider risk, security incidents, technical investigations, intellectual property matters, fraud, or related areas Experience developing and improving detection use cases, playbooks, and operational workflows Experience working in a heavily regulated environment (federal or financial sector preferred) Strong analytical, communication, and stakeholder coordination skills U.S. Citizenship required Preferred Qualifications: Experience with DLP, Microsoft Purview, or other insider risk and data protection technologies Experience with SOAR workflows and security automation Familiarity with machine learning concepts applied to insider risk or anomaly detection Experience with endpoint, user behavior, and data activity monitoring in enterprise environments Exposure to Databricks for security analytics, data investigation, or large-scale data analysis use cases Experience in digital forensics and incident response (DFIR) Prior experience supporting large U.S. federal agency contracts BS/BA in a cybersecurity-related field (direct experience or professional certifications may substitute) Relevant certifications: Splunk Core Certified Power User, Splunk Enterprise Security Certified Admin, GCIA, GCIH, GCFE, CISSP, or equivalent Skill(s) Splunk ES / SPL / UEBA: Content engineering, alerting, dashboarding, and tuning Insider Risk Detection: Use case development, playbook creation, investigation support CrowdStrike Falcon: Alert triage, detection tuning, incident response Microsoft Security Stack: Purview, Defender, Entra DLP and Data Protection Technologies Analytical and Communication Skills: Executive-level reporting, cross-functional coordination Regulated Environment Experience: Federal or financial sector standards and compliance Benefits Insurance - health, dental, and vision Paid Time Off (PTO) and 11 Federal Holidays 401(k) employer match
Associate Risk Engineer (Underwriter), Executive Risks
Coalition, Inc.
AVP, Risk Engineering Specialist- Power generation
Zurich
Risk Engineering Consultant or Senior Risk Engineering Consultant -Construction Casualty
Zurich
Software Engineer II, Machine Learning, Risk Engineering
Etsy
Technology Risk Director- Enterprise Engineering
Candidate Experience site
Senior Risk Engineer II - Property
Allianz