Splunk Architect / SOC Analyst

We are seeking a Splunk Architect / SOC Analyst who can operate at the intersection of security engineering, threat analysis, and defensive operations. This role requires someone capable of designing and maintaining log and telemetry pipelines, leading investigations, and contributing to policy shaping based on real-world security findings. The ideal candidate brings a balanced combination of red-team awareness, blue-team defensive skill, and purple-team communication, enabling them to understand attacker behavior, detect malicious activity, and strengthen enterprise defenses. This is a hands-on, on-site role that requires strong technical fundamentals and the ability to explain and defend security decisions.
Key Responsibilities:

• Administer and optimize SIEM ingestion pipelines, data parsing, forwarders, and indexing.

• Develop high-fidelity searches, dashboards, correlation rules, and alerting logic.

• Maintain log source integrity and ensure reliable telemetry across the environment.

• Collaborate with incident responders, system administrators, and leadership to improve visibility.

• Monitor, triage, and investigate alerts across multiple data sources.

• Conduct root-cause analysis and produce clear documentation of findings.

• Improve detection logic through continuous tuning and behavior-based modeling.

• Identify gaps in monitoring, detection coverage, or system hardening.

• Lead proactive hunts based on threat intelligence, observed behaviors, or hypotheses.

• Build custom analytic queries to uncover suspicious patterns or attacker tradecraft.

• Pivot across logs, system data, authentication patterns, and network activity.

• Provide recommendations to enhance defensive posture.

• Apply an attacker mindset to anticipate exploitation paths and identify blind spots.

• Evaluate how techniques such as lateral movement, privilege escalation, and persistence appear in logs.

• Communicate effectively with offensive and defensive stakeholders to close detection gaps.

• Explain how Linux and Windows systems behave during real-world attack sequences.

• Demonstrate knowledge of processes, logs, services, authentication, and system interactions.

• Understand VMs (hypervisors, virtual hardware, isolation) and how containers differ.

• Interpret OS behavior across network layers and packet flow.

• Translate technical findings into policy recommendations.

• Shape detection and response policies based on real attacker behaviors and validated risks.

• Produce clear guidance for leadership without oversimplifying technical concepts.

Clearance: Active TS/SCI with CI Polygraph

Foundational Splunk Knowledge

• Ability to administer and maintain indexes, inputs, parsing, and forwarders.

• Proficiency in SPL for searches, dashboards, alerts, and investigations.

• Ability to diagnose ingestion, parsing, and data quality issues.

SOC & Detection Experience

• Experience with log analysis, incident triage, and security investigations.

• Ability to identify malicious behavior in authentication logs, endpoints, and network flow.

• Familiarity with intrusion analysis and attacker behavior mapping.

Threat Hunting Competency

• Hypothesis-driven methodology.

• Ability to identify weak signals of compromise.

• Understanding of attack chains and detection points.

Red/Blue/Purple Mindset

• Ability to speak confidently about offensive techniques.

• Understanding of how attacker actions appear in defensive telemetry.

• Comfortable collaborating across disciplines.

OS + Virtualization Fundamentals

• Strong grounding in Linux and Windows internals, logging, and services.

• Ability to explain OS behavior during network, authentication, and system events.

• Understanding of virtual machines, hypervisors, and container architectures.

Analytical & Communication Skills

• Ability to write clear, concise summaries of investigations.

• Skill in translating technical findings into actionable recommendations.

• Ability to shape policy based on observed risks.

• Experience in a SOC, security engineering team, or threat hunting role.

• Familiarity with scripting or automation (PowerShell, Bash, Python).

• Experience with large enterprise or government environments.

• Ability to explain complex security concepts to leadership.

Salary Range: $200,000 – $250,000 annually
Final compensation will depend on experience, qualifications, internal equity, and market data. DarkStar provides a competitive and comprehensive benefits package for full-time employees.

Travel: Minimal
Work Environment: On-site at Fort Meade, MD

All applicants must be U.S. citizens and maintain eligibility for a U.S. government security clearance.