You will help design the future state Splunk environment that supports 24x7x365 monitoring efforts.
Architect and maintain an enterprise-grade Splunk SIEM platform supporting SOC operations and security use cases
Design and optimize Splunk architecture including indexer clusters, search head clusters, data pipelines, and retention strategies to support security telemetry at scale
Lead architecture decisions for Splunk Enterprise Security (ES) or equivalent security frameworks
Align Splunk architecture with MITRE ATT&CK, threat detection, and incident response workflows
Design secure and scalable ingestion for diverse security data sources, including: Network, endpoint, identity, and cloud security logs EDR, NDR, firewalls, IDS/IPS, IAM, and SaaS platforms
Ensure data quality through effective parsing, normalization, CIM compliance, and enrichment
Implement data onboarding standards and validation processes to support reliable detections
Partner with SOC and detection engineering teams to Enable high-confidence correlation searches and alerts Improve signal-to-noise ratio and reduce false positives Support threat hunting and investigative workflows
Optimize Splunk searches, data models, and acceleration for real-time and near-real-time detections
Support incident response, forensic investigations, and post-incident reviews
Establish Splunk security, access controls, and role-based permissions
Lead Splunk performance tuning, health monitoring, and troubleshooting
Plan and manage capacity, licensing, and cost optimization for security workloads
Lead platform upgrades, migrations (on‑prem to cloud), and disaster recovery planning
Define Splunk architectural standards, documentation, and operational runbooks
Serve as the Splunk SIEM subject matter expert across the organization
Mentor and guide Splunk engineers, security analysts, and administrators
Translate security and compliance requirements into scalable technical solutions
Collaborate with compliance, risk, and audit teams to support regulatory needs

Requirements

Experience supporting Federal government agencies
Splunk certifications (especially Splunk Enterprise Security Certified Admin or Splunk Architect)
7+ years of hands-on experience with Splunk in security/SIEM environments
Proven experience designing and supporting Splunk Enterprise Security (ES) or comparable SIEM solutions
Deep expertise in: Indexer and Search Head Clustering
Data onboarding, props/transforms, and CIM
Performance tuning for security workloads
Strong understanding of SOC operations, incident response, and threat detection
Experience with Linux/Unix systems
Proficiency in scripting (Python, Bash, or similar)
Experience integrating Splunk with security tools and cloud platforms (AWS, Azure, GCP)
Experience with MITRE ATT&CK mapping, detection engineering, or threat hunting
Familiarity with compliance frameworks such as SOC 2, PCI-DSS, HIPAA, ISO 27001
Experience supporting 24x7 SOC environments
Exposure to SOAR platforms and automated response workflows

Benefits

401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed
Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment)
Group Term Life, Short-Term Disability, Long-Term Disability
Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness
Participation in the Discretionary Time Off (DTO) Program
11 Paid Holidays Annually

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

SplunkSIEMIndexer ClusteringSearch Head ClusteringData OnboardingCIMPerformance TuningScriptingMITRE ATT&CKThreat Detection

Soft Skills

LeadershipMentoringCollaborationCommunicationProblem SolvingAnalytical ThinkingOrganizational SkillsIncident ResponseForensic InvestigationsCapacity Management

Certifications

Splunk Enterprise Security Certified AdminSplunk Architect