Splunk Architect

About The Position

Requirements

• Experience supporting Federal government agencies
• Splunk certifications (especially Splunk Enterprise Security Certified Admin or Splunk Architect)
• 7+ years of hands-on experience with Splunk in security/SIEM environments
• Proven experience designing and supporting Splunk Enterprise Security (ES) or comparable SIEM solutions
• Deep expertise in:Indexer and Search Head Clustering
• Data onboarding, props/transforms, and CIM
• Performance tuning for security workloads
• Strong understanding of SOC operations, incident response, and threat detection
• Experience with Linux/Unix systems
• Proficiency in scripting (Python, Bash, or similar)Experience integrating Splunk with security tools and cloud platforms (AWS, Azure, GCP)
• Strong communication skills with both technical security teams and leadership
• Experience with MITRE ATT&CK mapping, detection engineering, or threat hunting
• Familiarity with compliance frameworks such as SOC 2, PCI-DSS, HIPAA, ISO 27001Experience supporting 24x7 SOC environments
• Exposure to SOAR platforms and automated response workflows

Responsibilities

• You will help design the future state Splunk environment that supports 24x7x365 monitoring efforts.
• Architect and maintain an enterprise-grade Splunk SIEM platform supporting SOC operations and security use cases
• Design and optimize Splunk architecture including indexer clusters, search head clusters, data pipelines, and retention strategies to support security telemetry at scale
• Lead architecture decisions for Splunk Enterprise Security (ES) or equivalent security frameworks
• Align Splunk architecture with MITRE ATT&CK, threat detection, and incident response workflows
• Design secure and scalable ingestion for diverse security data sources, including: Network, endpoint, identity, and cloud security logs EDR, NDR, firewalls, IDS/IPS, IAM, and SaaS platforms
• Ensure data quality through effective parsing, normalization, CIM compliance, and enrichment
• Implement data onboarding standards and validation processes to support reliable detections
• Partner with SOC and detection engineering teams to Enable high-confidence correlation searches and alerts Improve signal-to-noise ratio and reduce false positives Support threat hunting and investigative workflows
• Optimize Splunk searches, data models, and acceleration for real-time and near-real-time detections
• Support incident response, forensic investigations, and post-incident reviews
• Establish Splunk security, access controls, and role-based permissions
• Lead Splunk performance tuning, health monitoring, and troubleshooting
• Plan and manage capacity, licensing, and cost optimization for security workloads
• Lead platform upgrades, migrations (on‑prem to cloud), and disaster recovery planning
• Define Splunk architectural standards, documentation, and operational runbooks
• Serve as the Splunk SIEM subject matter expert across the organization
• Mentor and guide Splunk engineers, security analysts, and administrators
• Translate security and compliance requirements into scalable technical solutions
• Collaborate with compliance, risk, and audit teams to support regulatory needs

Benefits

• 401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed
• Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment)
• Group Term Life, Short-Term Disability, Long-Term Disability
• Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness
• Participation in the Discretionary Time Off (DTO) Program
• 11 Paid Holidays Annually