Senior Splunk Architect/Engineer

Senior Splunk Engineer

Job Description
PRISM is seeking a Senior Splunk Engineer / Architect to lead and support enterprise cybersecurity operations. This senior-level role is responsible for architecting, engineering, and advancing Splunk platforms within a mission-critical environment. The engineer/architect will shape platform strategy, ensure architectural integrity, and maintain Splunk optimization for performance, resilience, and scalability as the organization matures its cloud-based deployments.
This is an excellent opportunity for a Splunk expert who thrives in a fast-paced environment and is eager to provide both hands-on engineering and architectural leadership to a modernized SIEM platform that directly enables cybersecurity operations.

Responsibilities

• Serve as the architectural lead for Splunk Enterprise and Splunk ES in a high-availability, distributed, and cloud-based environment.
• Define and maintain the long-term Splunk architecture, ensuring scalability, resilience, and security to meet mission requirements.
• Oversee architectural decisions related to storage, disaster recovery, and performance, including the use of features such as SmartStore and ASR/MSR.
• Conduct architectural reviews, capacity planning, and performance optimization for enterprise Splunk environments.
• Drive the onboarding and normalization of diverse data sources (OS, network, applications, cloud services) into Splunk, aligning with enterprise logging standards.
• Architect and guide the design of dashboards, data models, and advanced analytics to support threat detection, forensics, and reporting.
• Establish and enforce configuration management, security hardening, and change control processes for Splunk platforms.
• Produce and maintain architecture documentation, including conceptual designs, reference architectures, and operational standards.
• Provide technical leadership and mentorship to engineers, analysts, and administrators in Splunk best practices.
• Evaluate emerging Splunk capabilities, cloud services, and SIEM technologies to inform future platform evolution.
• Collaborate with cybersecurity leadership and stakeholders to align Splunk architecture with mission objectives.

Qualifications and Requirements

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or a related technical discipline; OR 10+ years of equivalent IT experience.
• 7+ years of IT experience, with at least 3+ years focused on Splunk engineering and architecture.
• Current Splunk Enterprise Certified Architect certification (required).
• Demonstrated expertise in Splunk Enterprise and Splunk ES, including SPL and the Common Information Model.
• Proven experience in architecting and maintaining Splunk in cloud environments, including familiarity with SmartStore and ASR/MSR.
• Strong background in distributed systems design, performance tuning, and capacity planning.
• Proficiency with scripting languages such as PowerShell, Bash, or Python.
• Experience operating Splunk across Windows and Linux environments.
• CompTIA Security+ or higher certification (e.g., CISSP, CISM).
• Excellent communication skills with the ability to explain technical architectures to both executives and engineers.

Preferred Qualifications:

• Splunk Enterprise Security Certified Admin or Splunk Certified Core Consultant certification.
• Experience developing enterprise logging architectures for hybrid or cloud environments.
• Familiarity with other SIEM platforms (e.g., ELK, Azure Sentinel).
• Experience with DevOps tools such as GitLab/GitHub for version control.

Additional Requirements:

• This hybrid role requires a minimum of three on-site days per week in the DMV area.