We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Invictus International jobs

Splunk Architect

Invictus International
United States, Maryland, Fort Meade
4409 Llewellyn Avenue (Show on map)
Oct 06, 2025

Title: Splunk Architect

Location: Fort Meade, MD or San Antonio, TX

US Citizenship: Required

Clearance: TS/SCI w/CI polygraph

Responsibilities:



  • Lead purple-team campaigns using ATT&CK-aligned threat scenarios relevant to Enterprise Core service components
  • Develop custom scripts that support automation for data pipeline health and status, data ingest, and/or support services that must be monitored and optimized
  • Identify and understand the techniques used by advanced threat actors, including zero-day vulnerabilities, exploit development, and advanced persistent threats (APTs)
  • Collaborate with the SOC team to develop and implement countermeasures, such as antivirus signatures, intrusion detection system (IDS) rules, and mitigation strategies
  • Provide expert guidance and advice to other SOC team members, assisting with incident response and malware analysis efforts
  • Own the end-to-end SIEM strategy and Splunk platform roadmap aligned to business risk and MITRE ATT&CK
  • Develop and deliver training materials to enhance the skills and knowledge of the SOC team in the field of malware reverse engineering.
  • Maintain up-to-date knowledge of the latest malware threats, vulnerabilities, and indust1y trends, sharing relevant information with the SOC team
  • Serve as Tier-3 escalation for major incidents, craft investigation SPL queries and timeline reconstruction
  • Design, deploy, and maintain Splunk Enterprise/Cloud architectures (indexer & search head clustering, cluster master/manager, deployer, DS/CM, MC)



Requirements:



  • Bachelor's degree in IT, cybersecurity, or related technical field (an additional 4 years of relevant work may be substituted for a degree)
  • Minimum of seven (7) years of experience in security engineering/operations, including at least three (3) years architecting and administering Splunk Enterprise or Splunk Cloud at scale (multi-TB/day or multi-site)
  • Hands-on purple teaming experience, including two (2) years of planning/executing ATT&CK-aligned adversary emulation with measurable detection outcomes
  • Proficiency in programming languages or scripting languages like C, C++, Python, Bash, and PowerShell
  • Strong understanding of operating systems, networking protocols, and software exploitation techniques
  • Familiarity with various threat intelligence platforms, such as MITRE ATT&CK and the Cyber Kill Chain
  • Excellent written and verbal communication skills, with the ability to present complex information in a clear and concise manner
  • One of the following (or equivalent) demonstrating Splunk proficiency: Splunk Core Certified Power User or Splunk Enterprise Administrator
  • Security certification signaling detection/operations skill such as GCDA, GCIA, GMON, GXPN or OSCP
  • Experience with monitoring threats through Tools, Techniques, and Procedures and how they relate to the MITRE ATT&CK framework
  • Ability to train and mentor staff and bring awareness to current and emerging threats
  • TS/SCI clearance with a CI polygraph



Equal Opportunity Employer/Veterans/Disabled

Applied = 0
MORE JOBS LIKE THIS

(web-759df7d4f5-7gbf2)