
Splunk Architect

Job in Fort Meade, Anne Arundel County, Maryland, USA
Listing for: Invictus International Consulting, LLC
Full Time position
Listed on 2026-01-12
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant
Job Description & How to Apply Below
Title:

Splunk Architect

Location:

Fort Meade, MD or San Antonio, TX

US Citizenship:
Required

Clearance: TS/SCI w/CI polygraph

Responsibilities:

* Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components

* Develop custom scripts that support automation for data pipeline health and status, data ingest, and/or support services that must be monitored and optimized

* Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs)

* Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies

* Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts

* Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK

* Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering

* Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and industry trends, sharing relevant information with the SOC team

* Serve as Tier-3 escalation for major incidents, crafting investigation SPL queries and reconstructing incident timelines

* Design, deploy, and maintain Splunk Enterprise/Cloud architectures (indexer and search head clustering, cluster manager (CM, formerly cluster master), search head deployer, deployment server (DS), and monitoring console (MC))

Requirements:

* Bachelor's degree in IT, cybersecurity, or related technical field (an additional 4 years of relevant work may be substituted for a degree)

* Minimum of seven (7) years of experience in security engineering/operations, including at least three (3) years architecting and administering Splunk Enterprise or Splunk Cloud at scale (multi-TB/day or multi-site)

* Hands-on purple teaming experience, including two (2) years of planning/executing ATT&CK-aligned adversary emulation with measurable detection outcomes

* Proficiency in programming or scripting languages such as C, C++, Python, Bash, and PowerShell

* Strong understanding of operating systems, networking protocols, and software exploitation techniques

* Familiarity with threat frameworks such as MITRE ATT&CK and the Cyber Kill Chain

* Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner

* One of the following (or equivalent) demonstrating Splunk proficiency:
Splunk Core Certified Power User or Splunk Enterprise Administrator

* A security certification demonstrating detection/operations skill, such as GCDA, GCIA, GMON, GXPN or OSCP

* Experience monitoring threats by their tactics, techniques, and procedures (TTPs) and mapping them to the MITRE ATT&CK framework

* Ability to train and mentor staff and bring awareness to current and emerging threats

* TS/SCI clearance with a CI polygraph

Equal Opportunity Employer/Veterans/Disabled