Splunk Architect / Subject Matter Expert (SME)
Work from home, VA
Full Time Senior-level / Expert USD 150K - 190K
ECS
ECS is a technology leader in science, engineering, cloud, cybersecurity, artificial intelligence, machine learning and IT modernization. Reach out today.

ECS is seeking a Splunk Architect / Subject Matter Expert (SME) to work remotely. Please Note: This position is contingent upon contract award.
ECS Federal is seeking an experienced Splunk Architect to design, build, and optimize an integrated Splunk SOAR + UBA + Core environment with automated compliance via Qmulos Q‑Compliance/Q‑Audit for a long‑term Federal program. You will lead hybrid (remote‑first) engineering efforts that advance the client toward OMB M‑21‑31 Event Logging Level 3 while mapping evidence to NIST 800‑53, FISMA, and NERC CIP.
Position Responsibilities:
- Architect & Engineer Splunk Core, SOAR, and UBA tiers; develop data‑ingest blueprints and high‑level architecture.
- Automate Compliance using Q‑Compliance/Q‑Audit to map controls and produce real‑time dashboards.
- Develop SOAR Playbooks & UBA Models for privileged‑account misuse, lateral movement, and OT/IT segmentation alerts.
- Integrate OT Log Sources via secure one‑way transfers and document risk mitigations.
- Lead Workshops & Knowledge Transfer sessions; create Section 508‑compliant diagrams and runbooks.
- Mentor BPA analysts and junior engineers on Splunk best practices and compliance automation.
Salary Range: $150,000 - $190,000
General Description of Benefits
Qualifications - Hands‑on Experience:
- 3+ years architecting Splunk Enterprise / Splunk SOAR (Phantom) solutions in federal or critical‑infrastructure settings
- 2+ years deploying Splunk UBA and Qmulos Q‑Compliance/Q‑Audit, including control mapping to NIST/FedRAMP
- Proven ability to automate compliance evidence for OMB M‑21‑31, NIST RMF, and EO 14028 objectives.
- Strong stakeholder‑engagement, documentation, and briefing skills suitable for C‑suite and COR audiences.
Clearance Requirement:
- U.S. citizenship and eligibility to obtain a DOE public‑trust (Q level) clearance; sponsorship provided
Certifications / Licenses:
- Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or related discipline (or equivalent experience).
- Active Splunk certifications: Splunk Core Certified Admin and Splunk SOAR Certified Automation Developer
- Preferred: Splunk Certified Architect, CISSP, CISM, or Qmulos Certified Professional.
Tags: Automation C CISM CISSP Clearance Compliance FedRAMP FISMA NIST RMF SOAR Splunk