
Splunk Architect

Invictus International
United States, Texas, San Antonio
Oct 06, 2025

Title: Splunk Architect

Location: Fort Meade, MD or San Antonio, TX

US Citizenship: Required

Clearance: TS/SCI w/CI polygraph

Responsibilities:

  • Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components
  • Develop custom scripts that support automation for data pipeline health and status, data ingest, and/or support services that must be monitored and optimized
  • Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs)
  • Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies
  • Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts
  • Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK
  • Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering
  • Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and industry trends, sharing relevant information with the SOC team
  • Serve as Tier-3 escalation for major incidents, craft investigation SPL queries and timeline reconstruction
  • Design, deploy, and maintain Splunk Enterprise/Cloud architectures (indexer & search head clustering, cluster master/manager, deployer, DS/CM, MC)

Requirements:

  • Bachelor's degree in IT, cybersecurity, or related technical field (an additional 4 years of relevant work may be substituted for a degree)
  • Minimum of seven (7) years of experience in security engineering/operations, including at least three (3) years architecting and administering Splunk Enterprise or Splunk Cloud at scale (multi-TB/day or multi-site)
  • Hands-on purple teaming experience, including two (2) years of planning/executing ATT&CK-aligned adversary emulation with measurable detection outcomes
  • Proficiency in programming languages or scripting languages like C, C++, Python, Bash, and PowerShell
  • Strong understanding of operating systems, networking protocols, and software exploitation techniques
  • Familiarity with various threat intelligence platforms, such as MITRE ATT&CK and the Cyber Kill Chain
  • Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner
  • One of the following (or equivalent) demonstrating Splunk proficiency: Splunk Core Certified Power User or Splunk Enterprise Administrator
  • Security certification signaling detection/operations skill such as GCDA, GCIA, GMON, GXPN or OSCP
  • Experience with monitoring threats through Tools, Techniques, and Procedures and how they relate to the MITRE ATT&CK framework
  • Ability to train and mentor staff and bring awareness to current and emerging threats
  • TS/SCI clearance with a CI polygraph

Equal Opportunity Employer/Veterans/Disabled
