Description
Description
SAIC is seeking a Senior Splunk Engineer / Architect to lead and support enterprise cybersecurity operations. This senior-level role is responsible for architecting, engineering, and advancing Splunk platforms within a mission-critical federal environment. The engineer/architect will shape platform strategy, ensure architectural integrity, and maintain Splunk optimization for performance, resilience, and scalability as the agency matures its cloud-based deployments.
This is an excellent opportunity for a Splunk expert who thrives in federal environments and is eager to provide both hands-on engineering and architectural leadership to a modernized SIEM platform that directly enables cybersecurity operations.
Responsibilities:
- Serve as the architectural lead for Splunk Enterprise and Splunk ES in a high-availability, distributed, and cloud-based environment
- Define and maintain the long-term Splunk architecture, ensuring scalability, resilience, and security to meet mission and compliance requirements
- Oversee architectural decisions related to storage, disaster recovery, and performance, including the use of features such as SmartStore and ASR/MSR
- Conduct architectural reviews, capacity planning, and performance optimization for enterprise Splunk environments
- Drive the onboarding and normalization of diverse data sources (OS, network, applications, cloud services) into Splunk, aligning with enterprise logging standards
- Architect and guide the design of dashboards, data models, and advanced analytics to support threat detection, forensics, and reporting
- Establish and enforce configuration management, security hardening, and change control processes for Splunk platforms
- Produce and maintain architecture documentation, including conceptual designs, reference architectures, and operational standards
- Provide technical leadership and mentorship to engineers, analysts, and administrators in Splunk best practices
- Evaluate emerging Splunk capabilities, cloud services, and SIEM technologies to inform future platform evolution
- Collaborate with cybersecurity leadership and stakeholders to align Splunk architecture with mission objectives and federal requirements
Qualifications
Requirements:
- Bachelor's degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related technical discipline; OR 10+ years of equivalent IT experience
- 7+ years of IT experience, with at least 3+ years focused on Splunk engineering and architecture
- Current Splunk Enterprise Certified Architect certification (required)
- Demonstrated expertise in Splunk Enterprise and Splunk ES, including SPL and the Common Information Model
- Proven experience in architecting and maintaining Splunk in cloud environments, including familiarity with SmartStore and ASR/MSR
- Strong background in distributed systems design, performance tuning, and capacity planning
- Proficiency with scripting languages such as PowerShell, Bash, or Python
- Experience operating Splunk across Windows and Linux environments
- CompTIA Security+ or higher certification (e.g., CISSP, CISM)
- Excellent communication skills with the ability to explain technical architectures to both executives and engineers
Preferred Qualifications:
- Splunk Enterprise Security Certified Admin or Splunk Certified Core Consultant certification
- Experience developing enterprise logging architectures for hybrid or federal environments
- Familiarity with other SIEM platforms (e.g., ELK, Azure Sentinel)
- Experience with DevOps tools such as GitLab/GitHub for version control
Clearance Requirement:
- All candidates must be eligible to obtain and maintain a U.S. Public Trust clearance
**This hybrid role requires a minimum of three on-site days per week in Washington, DC.**
Target salary range: $120,001 - $160,000. The estimate displayed represents the typical salary range for this position based on experience and other factors.
Apply on company website
Find Connections via Linkedin
