Cybersecurity Architect
Remote (United States)
Full Time Senior-level / Expert Clearance required USD 133K - 248K *
Hunter Strategy
About Hunter Strategy
Hunter Strategy has a unique philosophy of technical project delivery. We treat all our customers like mission partners because they rely on our team to meet their objectives through complex software engineering, cloud operations, and cyber risk management solutions. Hunter Strategy was founded on the premise that IT is 21st century infrastructure: critically important but only instrumentally valuable. Accordingly, our teams look at problems with a single objective: the identification and enablement of the right capability to address the most vexing problems our Mission Partners face. We continue to support our partners' success by leveraging the right technology, with the right plan, and the right team to address tomorrow's challenges today.
Overview
We are seeking an experienced Cybersecurity Architect to lead the design, implementation, and management of our Security Information and Event Management (SIEM) environment. The ideal candidate will have extensive experience in architecting and managing large Splunk environments, with a deep understanding of Splunk Enterprise Security (ES) frameworks, the Common Information Model (CIM), and advanced security orchestration. This role will be responsible for the operations and maintenance of all SIEM-related components, including security feeds, alerting frameworks, risk frameworks, and the integration and orchestration of security devices across the enterprise.
You will work closely with various teams to ensure high-quality, structured data flows into the SIEM system while ensuring that it conforms to established security standards and best practices. As a Cybersecurity Architect, you will help enhance the security posture by building scalable, effective, and automated security solutions that provide continuous monitoring, threat detection, and incident response capabilities.
Qualifications
- Minimum 7 years of experience in managing and architecting large Splunk environments.
- At least 3 years of hands-on experience with Splunk Enterprise Security (ES) frameworks, including:
  - Notable events
  - Threat intelligence
  - Risk analysis
  - Assets & identities
- 3+ years of experience with the Common Information Model (CIM) and ensuring that all data conforms to CIM standards.
- In-depth knowledge of Splunk back-end configuration files and the ability to manage and troubleshoot them.
- Proficiency in Python programming for scripting, automation, and system integration tasks.
- Experience developing system interconnects via API, including data exchange using XML and JSON formats.
Responsibilities
- Architect, implement, and manage the overall Splunk SIEM environment, ensuring its scalability, performance, and security.
- Develop and maintain the alerting framework to detect and respond to security events in real time.
- Design and manage the risk framework to assess and prioritize security threats, vulnerabilities, and incidents.
- Integrate multiple security feeds and data sources into the SIEM to provide a comprehensive view of the security landscape.
- Ensure that all incoming data is structured, normalized, and aligns with the Common Information Model (CIM).
- Collaborate with other teams to ensure that security devices are effectively orchestrated and integrated into the SIEM environment.
- Troubleshoot and resolve issues related to the back-end configuration of Splunk, including troubleshooting data ingestion and indexing issues.
- Create automated scripts and workflows using Python to enhance system integration and data flow.
- Develop and maintain interconnects between the SIEM and other security systems via API calls, including data exchange in XML and JSON formats.
- Provide guidance and support to other team members on Splunk best practices, security frameworks, and CIM standards.
Requirements
- Education: Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field; or equivalent experience.
- Experience:
  - Minimum of 7 years of experience in architecting and managing Splunk environments at scale.
  - At least 3 years of direct experience with Splunk Enterprise Security (ES), including notable events, threat intelligence, risk analysis, and asset management.
  - Strong expertise in Common Information Model (CIM) implementation and data normalization.
  - Proficient with Python programming for automation and system integrations.
  - Experience with API integrations, including data exchange in XML and JSON formats.
- Technical Skills:
  - In-depth knowledge of Splunk back-end configuration files (e.g., props.conf, transforms.conf, inputs.conf).
  - Expertise in designing and managing alerting and risk frameworks in Splunk.
  - Experience working with large-scale, distributed systems.
  - Strong understanding of security monitoring best practices and data quality management.
- Must be eligible to obtain and maintain a security clearance.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index.
Perks/benefits: Team events