Splunk SIEM Architect - Engineer

Splunk SIEM Architect - Engineer DCA2244

Work Arrangement: Remote (U.S.)

Location: Remote USA

Duration: ~6 months (1,040 total hours) | 40 hrs/week, 8 hrs/day

Work Authorization: U.S. Citizens or Green Card holders only.

Engagement Type: W-2 only. No sponsorships, Corp-to-Corp, or 1099 arrangements permitted.

Overview

Client is seeking a senior Splunk SIEM Architect/Engineer to lead the design, build, and optimization of the enterprise SIEM. You will architect data onboarding and parsing at scale, develop use cases and correlation content, and ensure the platform meets banking regulatory and security standards. The role partners closely with Cybersecurity, Security Engineering, Risk/Compliance, and Operations, and includes mentoring junior SIEM engineers.

Key Responsibilities

• Architect & own Splunk SIEM (Enterprise/ES or equivalent): indexing strategy, data models, CIM alignment, RBAC, scaling/HA, and performance tuning.
• Design & implement data onboarding pipelines: forwarders/heavy forwarders, syslog/ events, parsing/normalization ( props.conf , transforms.conf , sourcetypes), data quality.
• Develop content: correlation searches, risk-based alerts, dashboards, reports, KPIs, and scheduled searches to prioritize threats and reduce noise.
• Engineer use cases mapped to frameworks (e.g., MITRE ATT&CK); create playbooks/runbooks for incident investigation and response.
• Integrate SIEM with endpoint, network, cloud, identity, and ticketing tools; coordinate with vendors as needed.
• Collaborate with Cyber/SecEng on complex investigations; perform root-cause analysis and recommend remediation.
• Lead SIEM upgrades, enhancements, and integrations; define standards, patterns, and guardrails for sustainable operations.
• Mentor & review : guide junior engineers; review designs and changes from less-experienced staff.
• Champion best practices and adhere to Client SDLC, change management, and security policies in a regulated environment.

Required Qualifications

• Combined 8+ years of higher education and/or professional experience in systems design/management/architecture.
• Splunk expertise (5+ years) in engineering/administration, including:
• SIEM design and operations (indexer/search head clustering, data retention, search performance).
• Data modeling & parsing (CIM, sourcetypes, field extractions, regex, props/transforms ).
• Content development (correlation searches, dashboards, alerts, reports, KV store).
• Strong understanding of the infrastructure lifecycle , ITSM practices, and systems design.
• Experience collaborating with stakeholders across cyber, operations, compliance, and risk; clear written/verbal communication.
• Ability to lead initiatives independently, mentor others, and deliver results in a fast-paced environment.

Preferred Qualifications

• Bachelors in Computer Science , Computer Engineering , or related field.
• 8+ years in technical engineering involving infrastructure design, data management/interchange, and large-scale systems.
• Splunk certifications ( Certified Architect , Enterprise Security Admin ), plus security certs (e.g., CISSP , GIAC ).
• Banking/financial-services experience; familiarity with regulatory drivers (e.g., FFIEC/GLBA/SOX).
• Advanced troubleshooting of ingestion failures, parsing issues, and search performance; scripting (e.g., Python , Bash ) for automation.
• Effective facilitation and influencing skills; process-oriented, logical thinker; adaptable and quick learner.

Risk, Compliance & Culture

• Understand and adhere to Clients risk and regulatory standards, policies, and controls.
• Maintain internal control standards, including timely remediation of audit/regulatory points.
• Promote an environment that supports diversity and reflects the Client brand.

Skill Sets (for requisition alignment)

• Skill Set 1: Senior Splunk Architecture & Engineering
• Skill Set 2: Senior Splunk SIEM Design & Architecture
• Skill Set 3: Data Modeling & Parsing (CIM alignment, props/transforms, field extractions)