Splunk Architect
Description:
Make a difference here.
UltraViolet Cyber is a leading platform-enabled unified security operations company providing a comprehensive suite of security operations solutions. Founded and operated by security practitioners with decades of experience, the UltraViolet Cyber security-as-code platform combines technology innovation and human expertise to make advanced real-time cybersecurity accessible for all organizations by eliminating risks of separate red and blue teams.
By creating continuously optimized identification, detection, and resilience from today's dynamic threat landscape, UltraViolet Cyber provides both managed and custom-tailored unified security operations solutions to the Fortune 500, Federal Government, and Commercial clients. UltraViolet Cyber is headquartered in McLean, Virginia, with global offices across the U.S. and in India.
We are seeking a highly experienced Splunk SIEM Architect to lead the design and evolution of our DHS customer's enterprise security monitoring platform. This role is critical to enabling effective threat detection, incident response, and compliance across the organization. The Splunk SIEM Architect will partner closely with the SOC, security engineering, and IT teams to ensure Splunk is optimized for high-fidelity detections, scalability, and operational resilience.
This position will be working in a SCIF and expected to be majority onsite in Herndon, VA.
US Citizenship Required. Must have an Active Secret Clearance.
What You'll Do:
You will help design the future state Splunk environment that supports 24x7x365 monitoring efforts.
SIEM & Security Architecture
Architect and maintain an enterprise-grade Splunk SIEM platform supporting SOC operations and security use cases
Design and optimize Splunk architecture including indexer clusters, search head clusters, data pipelines, and retention strategies to support security telemetry at scale
Lead architecture decisions for Splunk Enterprise Security (ES) or equivalent security frameworks
Align Splunk architecture with MITRE ATT&CK, threat detection, and incident response workflows
Data Ingestion & Normalization
Design secure and scalable ingestion for diverse security data sources, including: Network, endpoint, identity, and cloud security logs EDR, NDR, firewalls, IDS/IPS, IAM, and SaaS platforms
Ensure data quality through effective parsing, normalization, CIM compliance, and enrichment
Implement data onboarding standards and validation processes to support reliable detections
Detection Engineering & SOC Enablement
Partner with SOC and detection engineering teams to Enable high-confidence correlation searches and alerts Improve signal-to-noise ratio and reduce false positives Support threat hunting and investigative workflows
Optimize Splunk searches, data models, and acceleration for real-time and near-real-time detections
Support incident response, forensic investigations, and post-incident reviews
Platform Operations & Governance
Establish Splunk security, access controls, and role-based permissions
Lead Splunk performance tuning, health monitoring, and troubleshooting
Plan and manage capacity, licensing, and cost optimization for security workloads
Lead platform upgrades, migrations (on-prem to cloud), and disaster recovery planning
Define Splunk architectural standards, documentation, and operational runbooks
Leadership & Collaboration
Serve as the Splunk SIEM subject matter expert across the organization
Mentor and guide Splunk engineers, security analysts, and administrators
Translate security and compliance requirements into scalable technical solutions
Collaborate with compliance, risk, and audit teams to support regulatory needs
What You Have:
Experience supporting Federal government agencies
Splunk certifications (especially Splunk Enterprise Security Certified Admin or Splunk Architect)
7+ years of hands-on experience with Splunk in security/SIEM environments
Proven experience designing and supporting Splunk Enterprise Security (ES) or comparable SIEM solutions
Deep expertise in:Indexer and Search Head Clustering
Data onboarding, props/transforms, and CIM
Performance tuning for security workloads
Strong understanding of SOC operations, incident response, and threat detection
Experience with Linux/Unix systems
Proficiency in scripting (Python, Bash, or similar)Experience integrating Splunk with security tools and cloud platforms (AWS, Azure, GCP)
Strong communication skills with both technical security teams and leadership
Experience with MITRE ATT&CK mapping, detection engineering, or threat hunting
Familiarity with compliance frameworks such as SOC 2, PCI-DSS, HIPAA, ISO 27001Experience supporting 24x7 SOC environments
Exposure to SOAR platforms and automated response workflows
What We Offer:
401(k), including an employer match of 100% of the first 3% contributed and 50% of the next 2% contributed
Medical, Dental, and Vision Insurance (available on the 1st day of the month following your first day of employment)
Group Term Life, Short-Term Disability, Long-Term Disability
Voluntary Life, Hospital Indemnity, Accident, and/or Critical Illness
Participation in the Discretionary Time Off (DTO) Program
11 Paid Holidays Annually
$160,000 - $210,000 a year
UltraViolet Cyber maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect our company's differing products, services, industries and lines of business. Candidates are typically placed into the range based on the preceding factors.
We sincerely thank all applicants in advance for submitting their interest in this position. We know your time is valuable.
UltraViolet Cyber welcomes and encourages diversity in the workplace regardless of race, gender, religion, age, sexual orientation, gender identity, disability, or veteran status.
If you want to make an impact, UltraViolet Cyber is the place for you!
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.