Sr. Splunk Architect III (6233)

About The Position

Requirements

• An Active TS security clearance with SCI (active or eligible for SCI)
• Define the long-term architecture, roadmap, and standards for Splunk Enterprise and Splunk ES.
• Architect scalable, distributed Splunk environments across on-prem, cloud, or hybrid infrastructure.
• Lead the SIEM strategy, including detection frameworks, data coverage models, and logging governance.
• Establish standards for data onboarding, retention, normalization, risk scoring, and use case development.
• Evaluate new tools, integrations, and technologies that enhance SIEM maturity.
• Design and oversee Splunk clustering models, search head architecture, indexer scaling, and forwarder deployment patterns.
• Define Splunk ingestion pipelines, props/transforms, indexing strategy, and data model architecture.
• Oversee integration of cloud-native logs, security tools, and enterprise applications.
• Lead platform hardening, access control design, and architectural compliance.

Responsibilities

• Maintain architecture diagrams, operational guides, and executive reports.
• Track SIEM improvements, threat trends, and compliance coverage.
• Plan and optimize Splunk deployment for scalability, reliability, and performance.
• Ingest logs from diverse sources (firewalls, endpoints, cloud services).
• Normalize and enrich data for effective detection and analysis.
• Define data ingestion strategies and index management.
• Create and refine correlation rules, alerts, dashboards, and reports.
• Align detection rules with threat intelligence and compliance requirements.

Benefits

• Performance-based bonuses
• Company-paid training and/or certifications
• Referral bonuses