Sr. Cyber Defense Architect

About The Position

Requirements

• Clearance: Active TS/SCI with CI Polygraph
• Deep understanding of Linux and Windows internals, including kernel functions, process behavior, memory, and logging.
• Strong hands-on experience with offensive tooling, exploitation concepts, and attacker tradecraft.
• Strong defensive background in SOC operations, detection engineering, and threat analysis.
• Ability to build and optimize raw SPL, develop detections, and administer Splunk data flows.
• Understanding of network stacks, OSI model behavior in the OS, and how telemetry is generated.
• Comfortable switching between attacker mindset and defender mindset.
• Able to articulate complex system interactions clearly and accurately.
• Understands system impact and can differentiate theoretical vs practical risk.
• Capable of building detections from first principles—understanding the behavior itself, not relying on feeds.
• Strong communication skills across technical and non-technical stakeholders.
• Ability to walk red, blue, and purple team members through system-level logic.
• Detail-oriented thinker who can contextualize threats within mission needs.

Nice To Haves

• Senior Red Team Operator with Blue Team experience
• Senior SOC Analyst with OS internals and detection engineering background
• Splunk Engineer with adversary and system knowledge
• Cyber Defense Operator with purple team exposure
• Security Architect with hands-on operational experience

Responsibilities

• Analyze and explain how exploits interact with CPU rings, kernels, drivers, and OS structures.
• Identify exploitation paths, misconfigurations, and lateral movement opportunities.
• Demonstrate attacker methods and help design the defenses to stop them.
• Investigate alerts with a deep understanding of how system internals behave under attack.
• Conduct root cause analysis across logs, processes, memory, and network activity.
• Build detection logic tied directly to attacker behavior, not generic signatures.
• Perform proactive, hypothesis-driven hunts across enterprise telemetry.
• Map hunt results to attack chains and OS-level artifacts.
• Identify blind spots and propose visibility improvements.
• Administer Splunk Enterprise, including data ingestion, parsing, indexes, and forwarders.
• Develop high-fidelity SPL queries, dashboards, correlation searches, and threat detections.
• Normalize logs for consistent detection across OS, network, cloud, containers, and application layers.
• Ensure logs reflect true system behavior, not noisy or low-value events.
• Explain OS behavior from kernel mode to user mode and across the rings of control.
• Understand memory management, syscalls, interrupts, drivers, services, and authentication flows.
• Diagnose Linux and Windows artifacts that signal compromise or misconfiguration.
• Understand how VMs virtualize hardware and how containers share the kernel.
• Evaluate how vulnerabilities behave differently in VM vs containerized environments.
• Assess whether a vulnerability is meaningful based on system architecture and exposure.
• Assess vulnerability severity in context—not every critical CVE is a critical risk.
• Provide recommendations on which vulnerabilities are operationally relevant.
• Shape detection, hardening, and response policies based on real technical behavior.
• Support leadership by translating system-level findings into clear, actionable guidance.

Benefits

• DarkStar provides a competitive and comprehensive benefits package for full-time employees.
• Health Coverage: Medical, dental, and vision plans
• Income Protection: Life insurance, short-term disability, and long-term disability
• Retirement Planning: 401(k) plan with employer contributions
• Work-Life Support: Employee Assistance Program (EAP) and legal services
• Paid Leave: Generous PTO, 11 paid federal holidays, and one floating holiday
• Legal & Identity Protection: LegalShield and IDShield
• Additional Insurance: Whole life, accident, and critical care coverage