
Splunk Architect

Invictus International Consulting

Today
Top Secret/SCI
Unspecified
CI Polygraph
Fort Meade, MD (On-Site/Office)

Title: Splunk Architect

Location: Fort Meade, MD or San Antonio, TX

US Citizenship: Required

Clearance: TS/SCI w/CI polygraph

Responsibilities:
  • Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components
  • Develop custom scripts that support automation for data pipeline health and status, data ingest, and/or support services that must be monitored and optimized
  • Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs)
  • Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies
  • Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts
  • Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK
  • Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering
  • Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and industry trends, sharing relevant information with the SOC team
  • Serve as Tier-3 escalation for major incidents, craft investigation SPL queries and timeline reconstruction
  • Design, deploy, and maintain Splunk Enterprise/Cloud architectures (indexer & search head clustering, cluster master/manager, deployer, DS/CM, MC)


Requirements:
  • Bachelor's degree in IT, cybersecurity, or related technical field (an additional 4 years of relevant work may be substituted for a degree)
  • Minimum of seven (7) years of experience in security engineering/operations, including at least three (3) years architecting and administering Splunk Enterprise or Splunk Cloud at scale (multi-TB/day or multi-site)
  • Hands-on purple teaming experience, including two (2) years of planning/executing ATT&CK-aligned adversary emulation with measurable detection outcomes
  • Proficiency in programming languages or scripting languages like C, C++, Python, Bash, and PowerShell
  • Strong understanding of operating systems, networking protocols, and software exploitation techniques
  • Familiarity with various threat intelligence platforms, such as MITRE ATT&CK and the Cyber Kill Chain
  • Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner
  • One of the following (or equivalent) demonstrating Splunk proficiency: Splunk Core Certified Power User or Splunk Enterprise Administrator
  • Security certification signaling detection/operations skill such as GCDA, GCIA, GMON, GXPN or OSCP
  • Experience with monitoring threats through Tools, Techniques, and Procedures and how they relate to the MITRE ATT&CK framework
  • Ability to train and mentor staff and bring awareness to current and emerging threats
  • TS/SCI clearance with a CI polygraph


Equal Opportunity Employer/Veterans/Disabled
group id: 90789821
