Splunk Architect/Engineer - Senior (w/ active TS/SCI)

• Implements, tests, and operates advanced software security techniques in compliance with technical reference architecture.
• Performs on-going security testing and code review to improve software security.
• Troubleshoots and debugs issues that arise.
• Provides engineering designs for new software solutions to help mitigate security vulnerabilities.
• Contributes to all levels of the architecture and maintains technical documentation.
• Consults team members on secure coding practices. Develops a familiarity with new tools and best practices.
• Designing, implementing, and maintaining SIEM and SOAR solutions.
• Design and implement threat detection, automate incident response processes, integration of various security tools with SIEM and SOAR platforms via APIs
• Maintain SIEM applications to collect and aggregate IDS and IPS data from network sensors, raw data from collection agents, firewalls, proxy servers, DLP, antivirus, vulnerability scanner elements, and other security-relevant devices.
• Utilize expertise in Splunk "Search" language, Splunk Dashboards, Reports, Lookup Tables, and Summary Indexes. Build Splunk dashboards that take inputs from various data sources such as application logs / operating system logs / middleware logs / network feeds etc. and identify / highlight anomalous activities on the dashboards by their severity levels.
• Perform troubleshooting and provide assistance with the creation of Splunk search queries and dashboards.

• Must be a U.S. Citizen with active Top Secret/SCI (TS/SCI) security clearance required. Must be U.S. Citizen.
• Bachelor's degree and 12 years of relevant experience, Masters degree and 10 years, or a PhD and 7 years. Equivalent four years of work experience can substitute for a degree.
• Proven experience as a Splunk Administrator or similarly named Splunk focused role.
• Strong understanding of Splunk architecture, components, and deployment options.
• Proficiency in Splunk Search Processing Language (SPL) for creating complex search queries and reports.
• Experience with Splunk data ingestion methods, including forwarders, HTTP Event Collector (HEC), and scripted inputs.
• Familiarity with Splunk Enterprise Security (ES), Qumolos, and Splunk SOAR is a plus.
• Solid understanding of IT infrastructure, including networking, operating systems, and security principles.
• Excellent problem-solving skills and attention to detail.
• Strong communication and collaboration abilities.
• 8140/8570 IAT Level III certification required.

• Splunk Architect is desired.
• Splunk Certified Administrator certification desired.

• Annapolis Junction, MD
• On site only
• Must be willing and able to commute to Annapolis Junction, MD

Critical Solutions