CyKor

Cybersecurity Architect – Practice Lead, Active Secret Clearance Required

full-time

Location Type: Hybrid

Location: United States

About the role

  • Lead the design, validation, and delivery of cybersecurity architectures for DoD/DHS customers, with primary emphasis on SIEM/SOAR platforms (Splunk, Elastic) and associated automation
  • Own the cybersecurity practice roadmap: define offerings, standards, templates, and Lab validation paths for SIEM/SOAR modernization, SOAR orchestration, log management, threat hunting, and incident response
  • Architect integrated solutions that combine Splunk/Elastic with complementary tools (Forcepoint UAM, ServiceNow SecOps, Mattermost playbooks, Everfox CDS, RedSeal, Corelight, Wiz, Pure Storage)
  • Drive automation of security operations (Compliance-as-Code, automated STIG validation, policy enforcement, SOAR playbooks) to reduce manual effort and audit risk
  • Serve as technical lead on proposals, RFIs, and customer briefings—translate mission needs into defensible, repeatable architectures
  • Mentor and develop cybersecurity engineers; establish repeatable delivery patterns and knowledge artifacts (reference designs, runbooks, playbooks)
  • Ensure all solutions meet federal compliance (RMF, ATO, STIG, Zero Trust mandates) and are deployable across IL5/6/7 environments
  • Collaborate with Network, Tactical Infrastructure, and Hybrid Cloud practices to deliver unified, mission-ready platforms

Requirements

  • 12+ years of hands-on cybersecurity architecture and engineering experience in federal/DoD environments
  • Deep expertise in Splunk and Elastic (SIEM, XDR, SOAR, EDR, log management, observability)
  • Proven ability to design and implement SIEM/SOAR solutions, including correlation rules, dashboards, playbooks, and orchestration workflows
  • Strong automation background: scripting (Python, Ansible), Compliance-as-Code, Infrastructure-as-Code (Terraform), and SOAR automation
  • Experience integrating SIEM/SOAR with endpoint (Elastic EDR, Forcepoint UAM), network visibility (Corelight, RedSeal), cloud vulnerability (Wiz), and storage/forensics (Pure Storage, Snare)
  • Minimum of an active Secret clearance
  • Required Certifications: CISSP (or equivalent); Splunk Certified Architect/Power User

Benefits

  • Health insurance
  • Retirement plans
  • Paid time off
  • Flexible work arrangements
  • Professional development

Applicant Tracking System Keywords

Hard Skills & Tools

cybersecurity architecture, SIEM, SOAR, log management, threat hunting, incident response, automation, scripting, Compliance-as-Code, Infrastructure-as-Code

Soft Skills

leadership, mentoring, collaboration, communication, technical proposal development

Certifications

CISSP, Splunk Certified Architect, Splunk Certified Power User