Insider Risk Engineer @Dragonfli Group
Software Development
Salary unspecified
Remote Location
🇺🇸 USA Only
Job Type full-time
Posted 2d ago


Role Description

Dragonfli Group is seeking a Senior Security Engineer with deep Splunk content engineering expertise and a proven track record in insider risk detection. This is a detection-engineering-forward role requiring hands-on SPL development, alert fidelity improvement, and operational investigation support across a complex enterprise toolset including Splunk Enterprise Security, UEBA, CrowdStrike Falcon, Microsoft Purview/Defender/Entra, DLP, and Databricks.

This is a multi-year contract position supporting a large U.S. federal agency. Candidates with prior federal contracting experience are preferred. U.S. Citizenship required. All work must be performed within the continental United States.

Primary Responsibilities

  • Detection Engineering and Content Development:
    • Design, build, and maintain insider risk detection use cases and monitoring workflows with a primary focus on Splunk Enterprise Security, UEBA, and SPL content engineering.
    • Write, optimize, and operationalize Splunk searches, correlation rules, dashboards, and alerts to improve fidelity and reduce false positives.
    • Develop and refine detection use cases targeting anomalous user behavior, data exfiltration, policy violations, and suspicious endpoint activity.
    • Investigate alert and case trends to identify opportunities for rule tuning, use case expansion, and operational maturity improvement.
  • Incident Response and Investigation:
    • Support incident triage, investigation, and response related to insider risk, suspicious user behavior, and potential data misuse.
    • Perform CrowdStrike Falcon alert review, tuning, and incident response support, including identifying false positives and escalating credible threats.
    • Lead and assist in investigations involving potential insider threats, intellectual property matters, fraud, and high-stakes security incidents.
  • Program and Tool Maturation:
    • Develop and maintain playbooks and response workflows for insider risk scenarios.
    • Administer and optimize the insider risk toolset: Splunk ES, UEBA, CrowdStrike, Microsoft Purview/Defender/Entra, DLP, and adjacent technologies.
    • Analyze current tool utilization and recommend enhancements to improve detection visibility, investigation efficiency, and operational coverage.
    • Support continuous improvement across Splunk, CrowdStrike, Microsoft, DLP, Databricks, and SOAR platforms.
    • Implement federal government and industry standards related to insider threat programs and maintain programmatic gap analyses.
  • Stakeholder Coordination:
    • Partner with security operations, insider risk, cyber defense, and business stakeholders to improve detection coverage and response posture.
    • Coordinate with technology and business leaders to develop programmatic solutions and deliver executive-level presentations on findings and program status.

Qualifications

  • 7+ years of experience in cybersecurity, security operations, threat detection, insider risk, or incident response.
  • 3-5+ years of hands-on Splunk experience including Splunk Enterprise Security, UEBA, content development, alerting, and dashboarding.
  • Demonstrated experience writing and optimizing Splunk Search Processing Language (SPL).
  • Experience with CrowdStrike Falcon including alert triage, incident response support, detection tuning, and false positive reduction.
  • 2+ years of investigation experience involving insider risk, security incidents, technical investigations, intellectual property matters, fraud, or related areas.
  • Experience developing and improving detection use cases, playbooks, and operational workflows.
  • Experience working in a heavily regulated environment (federal or financial sector preferred).
  • Strong analytical, communication, and stakeholder coordination skills.
  • U.S. Citizenship required.

Preferred Qualifications

  • Experience with DLP, Microsoft Purview, or other insider risk and data protection technologies.
  • Experience with SOAR workflows and security automation.
  • Familiarity with machine learning concepts applied to insider risk or anomaly detection.
  • Experience with endpoint, user behavior, and data activity monitoring in enterprise environments.
  • Exposure to Databricks for security analytics, data investigation, or large-scale data analysis use cases.
  • Experience in digital forensics and incident response (DFIR).
  • Prior experience supporting large U.S. federal agency contracts.
  • BS/BA in a cybersecurity-related field (direct experience or professional certifications may substitute).
  • Relevant certifications: Splunk Core Certified Power User, Splunk Enterprise Security Certified Admin, GCIA, GCIH, GCFE, CISSP, or equivalent.

Skill(s)

  • Splunk ES / SPL / UEBA: Content engineering, alerting, dashboarding, and tuning.
  • Insider Risk Detection: Use case development, playbook creation, investigation support.
  • CrowdStrike Falcon: Alert triage, detection tuning, incident response.
  • Microsoft Security Stack: Purview, Defender, Entra.
  • DLP and Data Protection Technologies.
  • Analytical and Communication Skills: Executive-level reporting, cross-functional coordination.
  • Regulated Environment Experience: Federal or financial sector standards and compliance.

Benefits

  • Insurance - health, dental, and vision.
  • Paid Time Off (PTO) and 11 Federal Holidays.
  • 401(k) employer match.
  • Travel.