Description
Description
SAIC is seeking a Senior Splunk Engineer / Architect to lead and support enterprise cybersecurity operations. This senior-level role is responsible for architecting, engineering, and advancing Splunk platforms within a mission-critical federal environment. The engineer/architect will shape platform strategy, ensure architectural integrity, and maintain Splunk optimization for performance, resilience, and scalability as the agency matures its cloud-based deployments.
This is an excellent opportunity for a Splunk expert who thrives in federal environments and is eager to provide both hands-on engineering and architectural leadership to a modernized SIEM platform that directly enables cybersecurity operations.
Responsibilities
· Serve as the architectural lead for Splunk Enterprise and Splunk ES in a high-availability, distributed, and cloud-based environment.
· Define and maintain the long-term Splunk architecture, ensuring scalability, resilience, and security to meet mission and compliance requirements.
· Oversee architectural decisions related to storage, disaster recovery, and performance, including the use of features such as SmartStore and ASR/MSR.
· Conduct architectural reviews, capacity planning, and performance optimization for enterprise Splunk environments.
· Drive the onboarding and normalization of diverse data sources (OS, network, applications, cloud services) into Splunk, aligning with enterprise logging standards.
· Architect and guide the design of dashboards, data models, and advanced analytics to support threat detection, forensics, and reporting.
· Establish and enforce configuration management, security hardening, and change control processes for Splunk platforms.
· Produce and maintain architecture documentation, including conceptual designs, reference architectures, and operational standards.
· Provide technical leadership and mentorship to engineers, analysts, and administrators in Splunk best practices.
· Evaluate emerging Splunk capabilities, cloud services, and SIEM technologies to inform future platform evolution.
· Collaborate with cybersecurity leadership and stakeholders to align Splunk architecture with mission objectives and federal requirements.
Qualifications
Requirements
· Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related technical discipline; OR 10+ years of equivalent IT experience.
· 7+ years of IT experience, with at least 3+ years focused on Splunk engineering and architecture.
· Current Splunk Enterprise Certified Architect certification (required).
· Demonstrated expertise in Splunk Enterprise and Splunk ES, including SPL and the Common Information Model.
· Proven experience in architecting and maintaining Splunk in cloud environments, including familiarity with SmartStore and ASR/MSR.
· Strong background in distributed systems design, performance tuning, and capacity planning.
· Proficiency with scripting languages such as PowerShell, Bash, or Python.
· Experience operating Splunk across Windows and Linux environments.
· CompTIA Security+ or higher certification (e.g., CISSP, CISM).
· Excellent communication skills with the ability to explain technical architectures to both executives and engineers.
Preferred Qualifications
· Splunk Enterprise Security Certified Admin or Splunk Certified Core Consultant certification.
· Experience developing enterprise logging architectures for hybrid or federal environments.
· Familiarity with other SIEM platforms (e.g., ELK, Azure Sentinel).
· Experience with DevOps tools such as GitLab/GitHub for version control.
Clearance Requirement
All candidates must be eligible to obtain and maintain a U.S. Public Trust clearance.
**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**
Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
Apply on company website
Find Connections via Linkedin
