Splunk Architect

What You'll Do:

• You will help design the future state Splunk environment that supports 24x7x365 monitoring efforts.
SIEM & Security Architecture
• Architect and maintain an enterprise-grade Splunk SIEM platform supporting SOC operations and security use cases
• Design and optimize Splunk architecture including indexer clusters, search head clusters, data pipelines, and retention strategies to support security telemetry at scale
• Lead architecture decisions for Splunk Enterprise Security (ES) or equivalent security frameworks
• Align Splunk architecture with MITRE ATT&CK, threat detection, and incident response workflows
Data Ingestion & Normalization
• Design secure and scalable ingestion for diverse security data sources, including: Network, endpoint, identity, and cloud security logs EDR, NDR, firewalls, IDS/IPS, IAM, and SaaS platforms
• Ensure data quality through effective parsing, normalization, CIM compliance, and enrichment
• Implement data onboarding standards and validation processes to support reliable detections
Detection Engineering & SOC Enablement
• Partner with SOC and detection engineering teams to Enable high-confidence correlation searches and alerts Improve signal-to-noise ratio and reduce false positives Support threat hunting and investigative workflows
• Optimize Splunk searches, data models, and acceleration for real-time and near-real-time detections
• Support incident response, forensic investigations, and post-incident reviews
Platform Operations & Governance
• Establish Splunk security, access controls, and role-based permissions
• Lead Splunk performance tuning, health monitoring, and troubleshooting
• Plan and manage capacity, licensing, and cost optimization for security workloads
• Lead platform upgrades, migrations (on‑prem to cloud), and disaster recovery planning
• Define Splunk architectural standards, documentation, and operational runbooks
Leadership & Collaboration
• Serve as the Splunk SIEM subject matter expert across the organization
• Mentor and guide Splunk engineers, security analysts, and administrators
• Translate security and compliance requirements into scalable technical solutions
• Collaborate with compliance, risk, and audit teams to support regulatory needs

What You Have:

• Experience supporting Federal government agencies
• Splunk certifications (especially Splunk Enterprise Security Certified Admin or Splunk Architect)
• 7+ years of hands-on experience with Splunk in security/SIEM environments
• Proven experience designing and supporting Splunk Enterprise Security (ES) or comparable SIEM solutions
• Deep expertise in:Indexer and Search Head Clustering
• Data onboarding, props/transforms, and CIM
• Performance tuning for security workloads
• Strong understanding of SOC operations, incident response, and threat detection
• Experience with Linux/Unix systems
• Proficiency in scripting (Python, Bash, or similar)Experience integrating Splunk with security tools and cloud platforms (AWS, Azure, GCP)
• Strong communication skills with both technical security teams and leadership
• Experience with MITRE ATT&CK mapping, detection engineering, or threat hunting
• Familiarity with compliance frameworks such as SOC 2, PCI-DSS, HIPAA, ISO 27001Experience supporting 24x7 SOC environments
• Exposure to SOAR platforms and automated response workflows

What We Offer:

• 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed  
• Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment)  
• Group Term Life, Short-Term Disability, Long-Term Disability  
• Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness  
• Participation in the Discretionary Time Off (DTO) Program  
• 11 Paid Holidays Annually