Splunk Architect / SOC Analyst

About The Position

Requirements

• Clearance: Active TS/SCI with CI Polygraph
• Foundational Splunk Knowledge
• Ability to administer and maintain indexes, inputs, parsing, and forwarders.
• Proficiency in SPL for searches, dashboards, alerts, and investigations.
• Ability to diagnose ingestion, parsing, and data quality issues.
• SOC & Detection Experience
• Experience with log analysis, incident triage, and security investigations.
• Ability to identify malicious behavior in authentication logs, endpoints, and network flow.
• Familiarity with intrusion analysis and attacker behavior mapping.
• Threat Hunting Competency
• Hypothesis-driven methodology.
• Ability to identify weak signals of compromise.
• Understanding of attack chains and detection points.
• Red/Blue/Purple Mindset
• Ability to speak confidently about offensive techniques.
• Understanding of how attacker actions appear in defensive telemetry.
• Comfortable collaborating across disciplines.
• OS + Virtualization Fundamentals
• Strong grounding in Linux and Windows internals, logging, and services.
• Ability to explain OS behavior during network, authentication, and system events.
• Understanding of virtual machines, hypervisors, and container architectures.
• Analytical & Communication Skills
• Ability to write clear, concise summaries of investigations.
• Skill in translating technical findings into actionable recommendations.
• Ability to shape policy based on observed risks.

Nice To Haves

• Experience in a SOC, security engineering team, or threat hunting role.
• Familiarity with scripting or automation (PowerShell, Bash, Python).
• Experience with large enterprise or government environments.
• Ability to explain complex security concepts to leadership.

Responsibilities

• Administer and optimize SIEM ingestion pipelines, data parsing, forwarders, and indexing.
• Develop high-fidelity searches, dashboards, correlation rules, and alerting logic.
• Maintain log source integrity and ensure reliable telemetry across the environment.
• Collaborate with incident responders, system administrators, and leadership to improve visibility.
• Monitor, triage, and investigate alerts across multiple data sources.
• Conduct root-cause analysis and produce clear documentation of findings.
• Improve detection logic through continuous tuning and behavior-based modeling.
• Identify gaps in monitoring, detection coverage, or system hardening.
• Lead proactive hunts based on threat intelligence, observed behaviors, or hypotheses.
• Build custom analytic queries to uncover suspicious patterns or attacker tradecraft.
• Pivot across logs, system data, authentication patterns, and network activity.
• Provide recommendations to enhance defensive posture.
• Apply an attacker mindset to anticipate exploitation paths and identify blind spots.
• Evaluate how techniques such as lateral movement, privilege escalation, and persistence appear in logs.
• Communicate effectively with offensive and defensive stakeholders to close detection gaps.
• Explain how Linux and Windows systems behave during real-world attack sequences.
• Demonstrate knowledge of processes, logs, services, authentication, and system interactions.
• Understand VMs (hypervisors, virtual hardware, isolation) and how containers differ.
• Interpret OS behavior across network layers and packet flow.
• Translate technical findings into policy recommendations.
• Shape detection and response policies based on real attacker behaviors and validated risks.
• Produce clear guidance for leadership without oversimplifying technical concepts.

Benefits

• Medical, dental, and vision plans
• Life insurance, short-term disability, and long-term disability
• 401(k) plan with employer contributions
• Employee Assistance Program (EAP) and legal services
• Generous PTO, 11 paid federal holidays, and one floating holiday
• LegalShield and IDShield
• Whole life, accident, and critical care coverage