Sr. Splunk Architect III (6295)

MetroStar, Washington, DC
$184,000 - $207,000

About The Position

We are seeking an experienced Splunk Architect to lead the architectural design, strategy, and enterprise implementation of our Splunk SIEM platform. The Splunk Architect will serve as the primary technical authority, responsible for ensuring scalability, reliability, and alignment of the SIEM with the organization’s security, compliance, and operational needs. This role provides strategic guidance to engineering teams, SOC leadership, and business stakeholders.

We know that you can’t have great technology services without amazing people. At MetroStar, we are obsessed with our people and have led a two-decade legacy of building the best and brightest teams. Because we know our future relies on our deep understanding and relentless focus on our people, we live by our mission: A passion for our people. Value for our customers. If you think you can see yourself delivering our mission and pursuing our goals with us, then check out the job description below!

Requirements

  • An Active TS security clearance with SCI (active or eligible for SCI)

Responsibilities

  • Maintain architecture diagrams, operational guides, and executive reports.
  • Track SIEM improvements, threat trends, and compliance coverage.
  • Plan and optimize Splunk deployment for scalability, reliability, and performance.
  • Ingest logs from diverse sources (firewalls, endpoints, cloud services).
  • Normalize and enrich data for effective detection and analysis.
  • Define data ingestion strategies and index management.
  • Create and refine correlation rules, alerts, dashboards, and reports.
  • Align detection rules with threat intelligence and compliance requirements.
  • Define the long-term architecture, roadmap, and standards for Splunk Enterprise and Splunk ES.
  • Architect scalable, distributed Splunk environments across on-prem, cloud, or hybrid infrastructure.
  • Lead the SIEM strategy, including detection frameworks, data coverage models, and logging governance.
  • Establish standards for data onboarding, retention, normalization, risk scoring, and use case development.
  • Evaluate new tools, integrations, and technologies that enhance SIEM maturity.
  • Design and oversee Splunk clustering models, search head architecture, indexer scaling, and forwarder deployment patterns.
  • Define Splunk ingestion pipelines, props/transforms, indexing strategy, and data model architecture.
  • Oversee integration of cloud-native logs, security tools, and enterprise applications.
  • Lead platform hardening, access control design, and architectural compliance.

Benefits

  • Health, dental, and vision insurance
  • 401(k) retirement plan with company match
  • Paid time off (PTO) and holidays
  • Parental Leave and dependent care
  • Flexible work arrangements
  • Professional development opportunities
  • Employee assistance and wellness programs
  • Performance-based bonuses
  • Company-paid training and/or certifications
  • Referral bonuses
© 2024 Teal Labs, Inc