Information Security Engineer

University of Virginia

Charlottesville (VA)

Hybrid

USD 80,000 - 110,000

Full time

13 days ago

Job summary

An established industry player is seeking a skilled Information Security Engineer to enhance its cybersecurity team. This role involves leveraging advanced technologies like Splunk and automation tools to secure and monitor systems in a complex environment. The ideal candidate will have a strong background in security engineering, cloud security, and scripting, ensuring the integrity and performance of security infrastructures. Join a collaborative team that values innovation and work-life balance, offering competitive benefits and opportunities for professional growth.

Benefits

Health insurance options
Vision and dental insurance
Retirement plans
Paid time off
Paid parental leave
Tuition assistance
Professional development funding
Flexible work location options

Qualifications

  • 7+ years in security engineering roles focusing on SIEM and automation.
  • Extensive expertise in Splunk administration and tuning.
  • Proficient in scripting with Python, PowerShell, or Bash.

Responsibilities

  • Architect and maintain Splunk infrastructure for security monitoring.
  • Implement security solutions including SIEM and SOAR.
  • Develop automation scripts to improve operational efficiency.

Skills

Splunk
SIEM
SOAR
Cloud Security
Scripting (Python, PowerShell, Bash)
Network Security
Vulnerability Management
API Integration
System Administration

Education

Bachelor's Degree in Computer Science or Information Security

Tools

Splunk Enterprise Security
AWS
Azure
Google Cloud

Job description

Information Security Engineer

Position Overview:

We are seeking a highly skilled Information Security Engineer with deep expertise in Splunk and Splunk Enterprise Security to join our cybersecurity team. The ideal candidate will have extensive engineering experience across multiple security domains, including SIEM, SOAR, Cloud Security, system administration, vulnerability management, network security/firewalls, API integration, scripting, and automation. This position will play a critical role in implementing, managing, and optimizing information security technologies and capabilities within a large, complex, higher ed enterprise environment.

ITS at UVA is a phenomenal place to lead, grow, and deliver impact. It's an organization that values results and teamwork. We like the people we work with and the work we get to do. ITS values work-life balance and provides flexible work location options where possible. Please see additional information about joining our team.

Benefits Include: The choice between 3 different health plans; vision and dental insurance; retirement plans; life insurance; benefits savings accounts; starting with 22 days of paid time off a year in addition to 12 or more paid holidays; 8 weeks of paid parental leave; short term disability; up to $4,360 after your first year for combined use of tuition toward a degree-seeking program or up to $2,000 for professional development including classes, certification training and conferences; and more!

Key Duties and Responsibilities:

Splunk & Splunk Enterprise Security

  • Serve as a subject matter expert (SME) for Splunk and Splunk Enterprise Security, providing end-to-end support, tuning, and optimization.
  • Architect, deploy, configure, and maintain Splunk heavy forwarders, deployment servers, and other components in a distributed environment.
  • Coordinate with Splunk support to monitor performance, plan upgrades, and resolve problems.
  • Manage, integrate, and optimize large-scale, high-volume data source ingestion into Splunk, ensuring visibility across a complex IT landscape.
  • Develop custom Splunk dashboards, alerts, reports, and correlation searches to enhance security monitoring and detection capabilities.
  • Automate security workflows using SOAR for streamlined incident response.
  • Troubleshoot Splunk performance issues, optimize indexing strategies, and fine-tune searches for efficiency.

Security Architecture, Engineering, and Operations

  • Implement and maintain a variety of security infrastructure solutions such as SIEM, SOAR, firewalls, IDS/IPS, EDR, vulnerability management, honeypots, etc.
  • Ensure the security and performance of underlying Windows, Linux, and appliance-based security infrastructure, including server hardening and patch management.
  • Support network security controls, including firewall configurations, intrusion detection systems, and segmentation strategies.

Automation, API Integration & Scripting

  • Develop automation scripts using Python, PowerShell, Bash, or similar scripting languages to improve operational efficiency.
  • Leverage APIs to integrate security tools, automate log ingestion, and improve security orchestration.

Cloud Security & Compliance

  • Secure and monitor workloads in AWS, Azure, and/or Google Cloud, leveraging native security controls and integrating with SIEM/SOAR platforms.
  • Ensure compliance with industry security standards and frameworks (e.g., NIST, CIS, ISO 27001/27002, etc.).

Qualifications & Skills:

Required:

  • 7+ years of experience and demonstrated success in security engineering roles with a focus on SIEM, SOAR, and automation.
  • Extensive expertise in Splunk and Splunk Enterprise Security – administration, tuning, troubleshooting, and data onboarding, including Splunk data models and Common Information Model (CIM) compliance.
  • Proficiency in scripting and automation using Python, PowerShell, or Bash.
  • Strong knowledge of Windows and Linux system administration, security hardening, and performance optimization.
  • Detailed knowledge of information security principles and best practices.
  • Understanding of cloud security principles and best practices (AWS, Azure, GCP).
  • Understanding of firewall and network security technologies, IDS/IPS.
  • Experience integrating security tools via APIs and automation.
  • Excellent communication skills and the ability to work collaboratively with cross-functional teams.

Preferred:

  • Bachelor’s Degree in a related field (Computer Science, Information Security, etc.)
  • Experience with Splunk SOAR (Phantom) for security automation and orchestration.
  • Experience with Cribl for log ingestion, pruning, and enrichment.
  • Certifications such as Splunk Certified Admin/Architect, Splunk Certified Cybersecurity Defense Engineer, Splunk SOAR Certified Automation Developer, CISSP, AWS Security Specialty, SANS/GIAC, Security+.
  • Experience with compliance frameworks such as ISO 27001/27002, CIS, NIST CSF, NIST 800-171, NIST 800-53.

Why Join Us?

  • Work in a high-impact role with cutting-edge security technologies in a complex enterprise environment.
  • Opportunity to drive automation and innovation in security operations.
  • Collaborative and dynamic work culture with professional growth opportunities.
  • Competitive salary, benefits, and continuous learning opportunities.

Location: Remote, with some on-site work as needed
Employment Type: Full-Time
Reports To: Information Security Officer, Engineering and Operations

To Apply:

Please apply through Careers at UVA, and search for R0069698. Internal applicants must apply through their UVA Workday profile by searching "Find Jobs" or through their "Jobs Hub". Applicants must complete an application online with the following documents:

  • Cover letter to include your interest in the position and how your relevant experience pertains to this position.
  • Resume or CV

***Please note that you MUST upload ALL documents into the CV/Resume box. Applications that do not contain all of the required documents will not receive full consideration. ***

For questions about the application process, please contact Bill Crane, IT recruiter, at xer5ff@virginia.edu.

For more information about UVA and the Charlottesville community please see Charlottesville & Beyond and Embark Central Virginia.

PHYSICAL DEMANDS:

This is primarily a sedentary job involving extensive use of desktop computers. The job does occasionally require traveling some distance to attend meetings and programs.

MINIMUM REQUIREMENTS

Education: High School Diploma, Bachelor's Degree Preferred.
Experience: 5 years.
Licensure: None.

The University of Virginia, including the UVA Health System which represents the UVA Medical Center, Schools of Medicine and Nursing, UVA Physicians Group and the Claude Moore Health Sciences Library, are fundamentally committed to the diversity of our faculty and staff. We believe diversity is excellence expressing itself through every person's perspectives and lived experience. We are equal opportunity employers. All qualified applicants will receive consideration for employment without regard to age, color, disability, gender identity or expression, marital status, national or ethnic origin, political affiliation, race, religion, sex, pregnancy, sexual orientation, veteran or military status, and family medical or genetic information.
