Dragonfli Group

Manage and support enterprise endpoint security platforms, including configuration, incident response, and integration. | Experience with endpoint security platforms, security incident response, and federal security guidelines; familiarity with CrowdStrike Falcon preferred. | Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.The Senior Endpoint Security Engineer supports a large U.S. federal agency by owning the reliability, configuration, and operational effectiveness of enterprise endpoint security platforms, with a primary focus on CrowdStrike Falcon. This role is responsible for ensuring continuous operation, secure configuration, integration, and incident responsiveness of endpoint detection and response (EDR) capabilities across a complex enterprise environment. The position is deeply hands-on, focused on platform administration, production support, and operational resilience rather than automation architecture or SOC analysis.This is a multi-year federal contract, fully remote (CONUS only). U.S. Citizenship or Permanent Residency required.Responsibilities:Ensure continuous operation and stability of enterprise endpoint security platformsAdminister and maintain CrowdStrike Falcon, including EDR, Identity Protection, Forensics, and related modulesConfigure endpoint security policies in alignment with federal security guidelines and best practicesPerform production testing, validation, and change support for EDR componentsIntegrate EDR capabilities with other security systems and servicesTroubleshoot complex endpoint security issues in collaboration with security, infrastructure, and operations teamsRespond to and support endpoint-related security incidents to ensure operational resilienceDevelop and maintain security baselines, configurations, and operational documentationAdapt platform configurations to evolving threats, tools, and mission requirementsContribute to continuous improvement of endpoint security posture across the enterprise

Oversee development and integration of cybersecurity automation and AI solutions, and support security operations. | 7+ years in cybersecurity with expertise in SOAR, AI/ML, automation, incident response, and relevant certifications. | Job Description: • Oversee the development, integration, and operationalization of SOAR and AI capabilities. • Serve as the primary subject matter expert for SOAR and AI solutions. • Design and implement solutions leveraging native SOAR and AI features. • Expand SOAR and AI adoption to strengthen automated incident response. • Design and maintain automation tools and dashboards. • Support multiple security domains with automation tools. • Proactively manage risk and respond to emerging cyber challenges. • Develop and maintain security workflows, playbooks, and dashboards. Requirements: • Seven or more years of experience in cybersecurity, including SOAR and enterprise AI implementation. • Hands-on experience with security automation and AI/ML modeling tools. • Experience designing, developing, and maintaining automation tools and systems. • Strong understanding of incident response and threat detection best practices. • Proficiency in cloud infrastructure and native AI capabilities. • Ability to identify systemic security issues based on vulnerability and configuration data analysis. • Ability to produce technical documentation. • Relevant certifications such as CASP, Security+, CISSP, or CISM. Benefits: • Insurance – health, dental, and vision • Paid Time Off (PTO) and 11 Federal Holidays • 401(k) employer match

Design and maintain enterprise-wide Splunk environments across hybrid infrastructure while developing complex dashboards and automating configurations. Collaborate with cross-functional stakeholders to ensure robust monitoring and system performance tuning. | Candidates must have over 5 years of Splunk experience and proficiency in writing complex queries and dashboards using SPL. Strong problem-solving skills and the ability to mentor junior engineers are also essential. | Description Dragonfli Group is a cybersecurity and IT consulting firm headquartered in Washington, DC, serving federal and commercial clients nationwide. We deliver mission-driven consulting services across security engineering, cloud infrastructure, data science, and digital modernization. We are seeking a highly skilled Splunk Cybersecurity Engineer SME to support a large federal agency. In this senior-level role, you will lead the design, deployment, automation, and maintenance of Splunk in a complex hybrid infrastructure. This includes operational support, Splunk integrations, security alignment, and real-time data analytics across on-premises and cloud environments. You’ll collaborate with cross-functional stakeholders from DevOps, Security, and IT Operations to ensure robust monitoring, system availability, and performance tuning at scale. This is a remote role (U.S. only) with potential occasional off-hours or weekend support. U.S. Citizenship or Permanent Residency is required. Responsibilities Design and maintain enterprise-wide Splunk environments across hybrid infrastructure Develop complex dashboards, alerts, and searches using SPL Automate configuration, ingestion pipelines, and system performance tuning Integrate Splunk with cloud platforms (AWS, GCP, Azure) and external systems via APIs Troubleshoot ingest, parsing, and data integrity issues Guide data onboarding and architecture across large-scale projects Mentor junior engineers and support technical escalation Align Splunk capabilities with cybersecurity policies and compliance (FISMA, FedRAMP, NIST) Requirements Must-Have: 5+ Years of Splunk Experience Required Manages knowledge objects (fields, extractions, tags, event types, lookups, workflow actions, aliases, macros, and so on) – through automations, scripting, management server functions; to include .conf and .cfg files in scope of the last four Splunk Enterprise versions Experience with Splunk deployment and configuration management in large-scale environments Proficiency in writing complex Splunk queries, dashboards, and alerts using SPL (Search Processing Language) Experience with REST APIs for Splunk and external system integration Ability to analyze and troubleshoot complex data ingestion and parsing issues Designing and developing an automations workflow and dashboard interface for such Self-starter with a service-oriented mindset who will take action, find ways to solve problems, and move projects to conclusion independently Strong problem-solving skills and the ability to translate research insights into practical solutions that address real-world challenges. Strong communication and collaboration skills with the ability to articulate complex technical concepts to both technical and non-technical audiences. Experience in mentoring and guiding junior researchers or team members Preferred: Ability to leverage the Splunk AI Assistant and other AI tools to increase accuracy and efficiency of task and other deliverables Advanced knowledge of Unix/Linux and/or Windows systems administration and troubleshooting Strong scripting skills in Bash, Python, JavaScript, SQL and PowerShell for automation and integration tasks Experience with Splunk upgrades, patching, and performance tuning Proficiency in integrating Splunk with cloud platforms (AWS, GCP, Azure) Understanding of security and compliance requirements and implementation of role-based access controls (RBAC) in Splunk Strong knowledge of logging standards and best practices across application and infrastructure layers Extensive knowledge of defense-in-depth principles, Network and Security architecture, network topology, IT device integrity, and common security elements. Executes new projects as well as data and user onboarding Strong understanding of IT and Cyber industry standards and technologies to include such controls governed by NIST, FISMA, and FedRamp Experience installing and utilizing and developing with the Splunk App for Data Science and Deep Learning. Experience installing and utilizing and developing with the Splunk SOAR Automation toolset Experience or background in the Cybersecurity, Systems/Network Administration or Observability industry Skill(s) Splunk architecture and engineering (5+ years) System automation and scripting Cloud and on-prem systems integration Troubleshooting, dashboarding, and query optimization Strong interpersonal and communication skills Benefits Insurance - health, dental, vision PTO & 11 Federal Holidays 401(k), employer match Travel None