Clearance: Public Trust
Salary: $120,000 - $140,000
Location: Remote/Hybrid (Off-Site/Hybrid)
TIAG is now hiring a Splunk Architect/Splunk SME to support upcoming work within the DHA. This work is anticipated to start in February 2026 and will be fully remote.
The Splunk Architect serves as the program's Splunk SIEM technical authority. The role manages and maintains Splunk to ensure visibility into customer systems, supports incident response operations, and delivers leadership dashboards and reporting. An active Splunk Enterprise Certified Architect certification is required to be considered, and Public Trust clearance is required.
Primary Responsibilities
- Own Splunk platform administration, configuration, and ongoing maintenance to ensure stable operations.
- Onboard and sustain required log sources and data feeds; validate data quality, completeness, and coverage.
- Develop and maintain searches, alerts, correlation rules, and reporting to support monitoring and triage.
- Build and sustain operational and leadership dashboards; deploy initial dashboards rapidly and maintain availability targets.
- Produce weekly monitoring reports covering alerts, incidents, and compliance status for government leadership.
- Review Splunk-generated vulnerability and threat alerts; notify designated personnel and provide mitigation recommendations within required timelines.
- Implement and maintain integrations between Splunk and security tools (e.g., firewalls, IDS/IPS, threat feeds) to improve visibility and response.
- Enable incident response workflows through automation and analyst-facing data views to accelerate triage and prioritization.
- Participate in governance activities (e.g., change control/working groups) and provide technical inputs and status updates as assigned.
Qualifications
- Active Splunk Enterprise Certified Architect certification
- A minimum of 3 years of demonstrated enterprise Splunk architecture and administration experience (data onboarding, dashboards, alerting, reporting).
- Experience integrating SIEM with security tools and log sources; ability to engineer reliable data pipelines.
- Ability to develop executive-ready dashboards and operational reporting on a recurring cadence.
- Ability to meet High Risk Public Trust (Tier 4) suitability requirements.
Preferred Qualifications
- Experience supporting federal cybersecurity programs in regulated environments (FISMA/HIPAA/NIST).
- Hands-on incident response support experience and SIEM-driven triage workflows.
- Experience with Splunk Enterprise Security (ES), SOAR automation, and detection engineering at scale.