Splunk Architect – Enterprise Security Specialist

Quzara LLC

United States

Remote

USD 90,000 - 150,000

Full time

30+ days ago

Job summary

Join a forward-thinking company as a Splunk Architect specializing in Enterprise Security. This role offers the chance to leverage your 5-10 years of Splunk Cloud expertise to design and implement advanced security solutions that enhance data visibility and automate threat detection. You will lead the migration of on-premise deployments to Splunk Cloud, ensuring compliance with federal frameworks while collaborating with cross-functional teams. If you thrive in a dynamic environment and are passionate about cybersecurity, this is the perfect opportunity to make a significant impact in both enterprise and government sectors. Apply today to be part of a dedicated team driven by innovation!

Qualifications

  • 5-10 years of experience with Splunk Cloud, architecture, and deployment.
  • Expertise in federal compliance frameworks and security monitoring.

Responsibilities

  • Lead the design and management of Splunk Cloud environments for security.
  • Develop dashboards and optimize SOAR playbooks for incident response.

Skills

Splunk Cloud
Enterprise Security (ES)
SOAR
Data ingestion
Dashboard development
Federal compliance frameworks
Gap assessments
Incident response workflows
Linux
Networking

Education

Splunk Certified Architect
Enterprise Security Certified Admin

Tools

AWS
Azure
SIEM tools

Job description

Splunk Architect – Enterprise Security Specialist

Full-time

United States - Must Work East Coast Hours

100% Remote

Primary Purpose and Goal of Role

We are seeking a highly experienced Splunk Architect with 5-10 years of Splunk Cloud expertise, including hands-on knowledge of Enterprise Security (ES), SOAR, data ingestion, and dashboard development. This role demands proficiency in federal compliance frameworks (M-21-31, NIST, CMMC) and gap assessments, providing customer recommendations and strategic roadmaps. The successful candidate will design and implement cutting-edge security solutions to enhance data visibility and automate threat detection for both enterprise and government environments.

Responsibilities
  1. Lead the design, deployment, and management of Splunk Cloud environments, ensuring performance, scalability, and reliability.
  2. Migrate on-premise Splunk deployments to Splunk Cloud, ensuring seamless data flow, minimal disruption, and security compliance.
  3. Manage and optimize Splunk Cloud services, ensuring integration with enterprise data sources and hybrid environments.
  4. Stay current with Splunk Cloud innovations to enhance functionality and performance through regular updates and best practices.
  5. Architect and deploy Splunk Enterprise Security (ES) to support real-time threat monitoring, advanced correlation, and incident response.
  6. Develop and optimize SOAR playbooks to automate workflows and incident responses, reducing manual effort for SOC teams.
  7. Ensure that security analytics align with Zero Trust architecture and other government mandates.
  8. Design robust data ingestion pipelines for cloud and hybrid environments, integrating data from multiple sources (Syslog, APIs, databases, SaaS platforms).
  9. Develop custom dashboards, visualizations, and reports to meet enterprise and government compliance requirements.
  10. Maintain data models to support high-performance searches and analytics, ensuring scalability across large datasets.
  11. Perform comprehensive gap assessments of existing Splunk implementations, identifying weaknesses and opportunities for improvement.
  12. Provide strategic recommendations, roadmaps, and timelines to enhance security posture and optimize Splunk Cloud performance.
  13. Work closely with customers to remediate gaps, ensuring alignment with NIST 800-53, CMMC, M-21-31, and other frameworks.
  14. Ensure all Splunk deployments meet OMB M-21-31 directives and align with federal security requirements, including NIST 800-53 and CMMC Level 2/3.
  15. Collaborate with government security teams to implement Zero Trust principles within Splunk Cloud environments.
  16. Support incident response workflows to align with FedRAMP, FIPS, and other federal data protection policies.
  17. Lead cross-functional teams, including SOC analysts, engineers, and compliance specialists, to implement security solutions.
  18. Provide mentoring and guidance to junior team members and Splunk developers to build internal expertise.
  19. Collaborate with product managers, customers, and compliance experts to align solutions with business needs and security frameworks.

REQUIREMENTS

Required Skills & Experience:

  1. 5-10 years of Splunk Cloud experience, including architecture, deployment, and optimization.
  2. Proven success in migrating on-premise environments to Splunk Cloud and maintaining hybrid deployments.
  3. Expertise with Splunk Enterprise Security (ES) and SOAR for security monitoring, orchestration, and automation.
  4. Deep knowledge of data ingestion frameworks, including cloud-based data sources (AWS, Azure, SaaS) and log management.
  5. Strong experience building dashboards, alerts, and visualizations tailored to enterprise and federal requirements.
  6. Hands-on experience with gap assessments, roadmaps, and customer recommendations.
  7. Familiarity with federal frameworks, including OMB M-21-31, NIST 800-53, CMMC, Zero Trust, and FedRAMP.
  8. Proficiency with incident response workflows and automation using SOAR playbooks.
  9. Strong understanding of Linux, networking, and cloud services (AWS, Azure, or others).

Preferred Qualifications:

  1. Splunk Certified Architect or Enterprise Security Certified Admin.
  2. Experience working with MDR tools and services for federal agencies.
  3. Familiarity with the MITRE ATT&CK framework and threat intelligence platforms.
  4. Practical knowledge of SIEM integrations and compliance tools like Cybertorch or equivalent.
  5. Knowledge of federal acquisition regulations (FAR) and related compliance.
  6. Certification in proposal management (e.g., APMP).

Soft Skills:

  1. Strong analytical and problem-solving skills with a focus on performance optimization.
  2. Excellent communication and interpersonal skills, with the ability to engage both technical and non-technical stakeholders.
  3. Demonstrated leadership skills and the ability to drive complex projects from initiation to completion.
  4. Ability to work independently and collaboratively in a fast-paced environment.

Quzara LLC is an Equal Employment/Affirmative Action employer. We do not discriminate in hiring based on sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state, or local law.

Join Our Cyber Team!

Working for Quzara means being part of a team driven by innovation and dedication where we rise together. Apply Today
