Job Description

Description

SAIC is seeking a Senior Splunk Engineer / Architect to lead and support enterprise cybersecurity operations. This senior-level role is responsible for architecting, engineering, and advancing Splunk platforms within a mission-critical federal environment. The engineer/architect will shape platform strategy, ensure architectural integrity, and maintain Splunk optimization for performance, resilience, and scalability as the agency matures its cloud-based deployments.

This is an excellent opportunity for a Splunk expert who thrives in federal environments and is eager to provide both hands-on engineering and architectural leadership to a modernized SIEM platform that directly enables cybersecurity operations.

Responsibilities

· Serve as the architectural lead for Splunk Enterprise and Splunk ES in a high-availability, distributed, and cloud-based environment.

· Define and maintain the long-term Splunk architecture, ensuring scalability, resilience, and security to meet mission and compliance requirements.

· Oversee architectural decisions related to storage, disaster recovery, and performance, including the use of features such as SmartStore and ASR/MSR.

· Conduct architectural reviews, capacity planning, and performance optimization for enterprise Splunk environments.

· Drive the onboarding and normalization of diverse data sources (OS, network, applications, cloud services) into Splunk, aligning with enterprise logging standards.

· Architect and guide the design of dashboards, data models, and advanced analytics to support threat detection, forensics, and reporting.

· Establish and enforce configuration management, security hardening, and change control processes for Splunk platforms.

· Produce and maintain architecture documentation, including conceptual designs, reference architectures, and operational standards.

· Provide technical leadership and mentorship to engineers, analysts, and administrators in Splunk best practices.

· Evaluate emerging Splunk capabilities, cloud services, and SIEM technologies to inform future platform evolution.

· Collaborate with cybersecurity leadership and stakeholders to align Splunk architecture with mission objectives and federal requirements.

Qualifications

Requirements

· Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related technical discipline; OR 10+ years of equivalent IT experience.

·7+ years of IT experience, with at least 3+ years focused on Splunk engineering and architecture.

· Current Splunk Enterprise Certified Architect certification (required).

· Demonstrated expertise in Splunk Enterprise and Splunk ES, including SPL and the Common Information Model.

· Proven experience in architecting and maintaining Splunk in cloud environments, including familiarity with SmartStore and ASR/MSR.

· Strong background in distributed systems design, performance tuning, and capacity planning.

· Proficiency with scripting languages such as PowerShell, Bash, or Python.

· Experience operating Splunk across Windows and Linux environments.

· CompTIA Security+ or higher certification (e.g., CISSP, CISM).

· Excellent communication skills with the ability to explain technical architectures to both executives and engineers.

Preferred Qualifications

· Splunk Enterprise Security Certified Admin or Splunk Certified Core Consultant certification.

· Experience developing enterprise logging architectures for hybrid or federal environments.

· Familiarity with other SIEM platforms (e.g., ELK, Azure Sentinel).

· Experience with DevOps tools such as GitLab/GitHub for version control.

Clearance Requirement

All candidates must be eligible to obtain and maintain a U.S. Public Trust clearance.

**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**

Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.

Job Tags

3 days per week,

Similar Jobs