Principal Data Security Scientist

U.S. - Remote

About Aquia Inc.

Named the “#1 Best Remote Startup to Work For in 2025” by Built In, Aquia is a digital services firm specializing in cloud infrastructure, cybersecurity, and compliance automation for the U.S. government.  

Founded by Veterans, we are passionate about making our country digitally capable and secure. Since 2021, we’ve generated millions in cost savings through cloud services and licensing optimization, enabled civil servants to double health care fraud investigations through streamlined cloud-based systems, and reduced authorization timelines by 74% through modernized security processes. Last year, we were named the 2024 Service-Disabled Veteran-Owned Business (SDVOSB) of the Year by the Department of Health and Human Services (HHS).

We are seeking a Principal Data Security Scientist with deep Splunk expertise and a passion for proactive cyber threat hunting. This is a senior leadership role on a cybersecurity mission where the focus is not on responding to existing alerts—but on discovering new, novel signs of suspicious behavior in logs, identifying repeatable threat patterns, and converting those insights into high-fidelity detections.

The ideal candidate is both an advanced data analyst and a team mentor, capable of navigating unstructured log data, recognizing subtle threat signals, and guiding a team to operationalize findings into actionable detection content. Experience collaborating with stakeholders over multiple distinct enterprise security functions will be crucial.

What you'll do

  • Proactive Threat Hunting in Splunk
    • Analyze vast volumes of unfiltered log data (e.g., authentication, process, endpoint, cloud, network) to identify anomalies, weak signals, and suspicious patterns.
    • Develop and refine custom SPL-based searches to surface potentially malicious behavior overlooked by default alerts.
    • Apply frameworks like MITRE ATT&CK to map TTPs and explore emerging adversary behaviors.
    • Build, maintain, and document detection models in Splunk with Machine Learning Tool Kit (MLTK).
  • Detection Development & Content Engineering
    • Convert threat hunt findings into repeatable detection logic, aligned to known threat models and environmental context.
    • Build and manage data models, tags, macros, and knowledge objects to support scalable alerting and correlation.
    • Partner with the SOC to hand off validated detections and assist in refining alert thresholds and response workflows.
  • Leadership & Team Enablement
    • Lead and mentor a small team of data engineers and cyber analysts engaged in threat detection, Splunk development, and SOC support.
    • Ensure hunt methodology, documentation, and detection output meet mission standards.
    • Support continuous improvement of internal hunt frameworks, content lifecycle, and detection engineering processes.
    • Interface directly with cybersecurity stakeholders to align hunt priorities to mission goals.
    • Help shape threat hypotheses and investigative paths based on threat intel, incident trends, and strategic risk areas.
    • Deliver insights and recommendations through clear, actionable communication—verbally and in writing.

What we're looking for:

  • 7+ years of experience in cybersecurity analytics, data science, or detection engineering, including supervisory/team leadership.
  • Advanced proficiency in Splunk and SPL, including working knowledge of Enterprise Security, CIM models, and threat hunting techniques.
  • Proven track record of discovering unknown or low-signal cyber threats via log analysis and hypothesis-driven investigations.
  • Experience supporting or collaborating with Security Operations Centers (SOCs), incident response, and threat intelligence teams.
  • Deep familiarity with log sources across endpoints, authentication, cloud services, and infrastructure.
  • Strong written and verbal communication skills, including stakeholder briefings, work scoping, and team mentorship.

Preferred qualifications:

  • Experience leading hunt teams or detection efforts within a federal cybersecurity mission.
  • Familiarity with MITRE ATT&CK, threat modeling, or detection-as-code pipelines.
  • Current or prior TS/SCI clearance (or eligibility).
  • Experience integrating and contextualizing threat intelligence feeds into hunt workflows.
  • Experience participating in a consulting organization in a supervisory or management role.
  • Experience with Alteryx for data transformation and enrichment.

Remote - USA

$160,000 - $210,000 USD

Benefits

  • Premium health care plans (90% employer-paid)
  • Employee stock plan
  • 100% 401k match (up to IRS annual max)
  • Generous PTO package
  • Personal training and development budget

Aquia Inc. is an equal opportunity employer. We do not discriminate against any employee or applicant for employment because of race, color, sex, age, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any federal, state, or local protected class.
