
Lead Splunk Architect
Posted 6 hours ago

Posted 6 hours ago
This is a fully remote position, open to applicants in United States.
• Define and design the enterprise Splunk architecture to ensure high availability, scalability, resilience, disaster recovery, and long-term growth.
• Create and manage distributed Splunk environments, which include: Indexer Clusters, Search Head Clusters, Deployment Servers, Cluster Managers, Heavy Forwarders, Universal Forwarders, License Management, as well as Splunk Cloud and Hybrid architectures.
• Develop technical roadmaps, modernization strategies, migration plans, and recommendations for platform lifecycle management.
• Assess current platform capabilities and propose architectural enhancements that support SOC operations and enterprise cybersecurity initiatives.
• Act as the technical lead for all Splunk engineering tasks.
• Provide mentorship and technical guidance to Splunk Engineers, Security Engineers, Detection Engineers, and SOC Analysts.
• Review architecture, engineering designs, implementation plans, dashboards, searches, integrations, and custom applications.
• Establish engineering standards and best practices regarding index naming, Sourcetypes, CIM compliance, field extractions, knowledge objects, configuration management, change control, application lifecycle management, and role-based access control.
• Design scalable and resilient Splunk infrastructure to accommodate enterprise data volumes.
• Lead platform optimization efforts, focusing on search performance, index performance, storage management, retention policies, license utilization, data lifecycle management, search concurrency, and data model acceleration.
• Guide upgrades, patching, backup, disaster recovery, and high availability strategies.
• Lead the troubleshooting process for complex issues related to ingestion, parsing, indexing, searching, and performance.
• Define enterprise data onboarding strategies across security, infrastructure, cloud, identity, endpoint, network, and application data sources.
• Oversee parsing, routing, index design, field extraction, source normalization, CIM implementation, retention policies, and data quality initiatives.
• Lead integrations with firewalls, IDS/IPS, EDR, NDR, Identity providers, cloud platforms, vulnerability management, ticketing systems, SIEM, SOAR technologies, and threat intelligence platforms.
• Design Splunk capabilities that support threat detection, threat hunting, incident response, security monitoring, risk-based alerting, and compliance reporting.
• Guide the development of correlation searches, dashboards, reports, data models, detection content, and enterprise security content.
• Enhance detection fidelity while minimizing false positives.
• Ensure Splunk capabilities facilitate rapid investigation, evidence collection, event reconstruction, and executive reporting.
• Architect automation strategies using Splunk SOAR.
• Design and oversee playbooks for incident enrichment, IOC validation, threat intelligence lookups, malware analysis, case management, automated containment, and notification workflows.
• Integrate SOAR with enterprise security technologies using Python, REST APIs, and supported applications.
• Establish governance for automation and reusable orchestration standards.
• Implement engineering governance for configuration management, app lifecycle, knowledge object management, detection content, source onboarding, and dashboard standards.
• Review deployment packages and engineering deliverables before production release.
• Ensure compliance of engineering activities with change management, testing, documentation, rollback, and operational readiness requirements.
• Serve as the principal technical advisor for Splunk architecture and platform strategy.
• Communicate technical risks, roadmap priorities, and architectural recommendations to executive leadership and program stakeholders.
• Translate business and mission requirements into scalable technical solutions.
• Coordinate activities with infrastructure, cloud, networking, identity, cybersecurity, and vendor teams.
• Develop and maintain architecture diagrams, engineering standards, technical designs, runbooks, standard operating procedures, disaster recovery documentation, knowledge base articles, and technical decision records.
• Assess emerging Splunk capabilities and recommend improvements to maximize platform value.
• Promote engineering excellence through mentorship, standards, and continuous process improvement.
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related discipline; equivalent professional experience may be accepted.
• Over 8 years of experience in enterprise Splunk administration and engineering.
• More than 5 years of experience in designing enterprise-scale distributed Splunk environments.
• Proven experience leading Splunk Enterprise Security implementations.
• Familiarity with Splunk Cloud and hybrid architectures.
• Experience supporting Security Operations Centers (SOC).
• Demonstrated experience in leading technical teams and architectural initiatives.
• Background in enterprise cybersecurity monitoring and incident response.
• Active security clearance is strongly preferred (Public Trust or higher).
• CERTIFICATIONS: Required: Splunk Enterprise Certified Architect.
• Preferred: Splunk Enterprise Security Certified Admin; Splunk Core Certified Consultant; Splunk SOAR Certified Automation Developer; CISSP; GIAC (GCIA, GCIH, or GCED); AWS, Azure, or Google Cloud certifications.
• Remote work schedule with the possibility of some travel (0%-25%).
Arbi Arredobagno
Power Digital Marketing
Salesforce
Get handpicked remote jobs straight to your inbox weekly.