Splunk Architect

Job Description

Job Description

Title : Splunk Architect

Location : Fort Meade, MD or San Antonio, TX

US Citizenship : Required

Clearance : TS / SCI w / CI polygraph

Responsibilities :

• Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components
• Develop custom scripts that support automation for data pipeline health and status, data ingest, and / or support services that must be monitored and optimized
• Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs)
• Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies
• Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts
• Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK
• Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering.
• Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and indust1y trends, sharing relevant information with the SOC team
• Serve as Tier-3 escalation for major incidents, craft investigation SPL queries and timeline reconstruction
• Design, deploy, and maintain Splunk Enterprise / Cloud architectures (indexer & search head clustering, cluster master / manager, deployer, DS / CM, MC)

Requirements :

Equal Opportunity Employer / Veterans / Disabled

Job Posted by ApplicantPro