Cybersecurity Splunk UEBA Solution Architect
Location: Columbus, OH / Charlotte, NC
Job Summary:
- The Splunk UEBA Solution Architect will lead the design, deployment, and validation of a Proof-of-Concept (POC) for the Splunk User and Entity Behavior Analytics (UEBA) platform in a banking environment.
- This role requires a deep understanding of financial use cases, insider threat detection, fraud correlation, and compliance-driven monitoring, along with hands-on experience in Splunk Enterprise Security (ES) and UEBA architecture design.
- The goal is to demonstrate the value of UEBA through measurable detection efficacy, integration readiness, and business alignment with banking risk domains.
- Years of experience needed: 12 years of cybersecurity program management experience, with 3 years on Splunk ES/UEBA architecture.
Key Responsibilities:
1. POC Planning & Architecture
- Define POC objectives, scope, and success criteria aligned with the bank's cybersecurity roadmap.
- Design the Splunk UEBA architecture integrated with Splunk ES, SOAR, and core banking data sources.
- Prepare high-level and low-level architecture diagrams, data flow designs, and source mapping matrices.
- Collaborate with client stakeholders (CISO, SOC, Fraud, and IAM teams) to finalize use-case priorities.
2. Data Onboarding & Integration
- Identify and onboard critical log sources for UEBA modeling, including:
  - Active Directory, core banking applications, SWIFT, and payment gateways
  - VPN, endpoint, DLP, proxy, and cloud workloads (AWS / Azure)
  - Identity feeds from SailPoint, CyberArk, Okta, and HR systems
- Develop CIM-compliant data models and enrichment pipelines to enhance user/entity visibility.
3. Use Case Development
- Define the top 5-10 banking-specific UEBA use cases for the POC, e.g.:
  - Privileged account misuse
  - Suspicious fund transfers or SWIFT anomalies
  - Credential sharing between teller and back-office users
  - Unusual login patterns from critical systems
  - High-value transaction anomalies by region or time
- Configure risk scoring models and behavioral baselines for these use cases.
- Correlate UEBA detections with Splunk ES correlation searches and the alerting framework.
4. Model Tuning & Validation
- Execute the POC with real-time or replayed data to validate model accuracy, recall, and precision.
- Tune machine learning baselines to minimize false positives and noise.
- Document findings, dashboards, and detection outcomes for executive reporting.
5. Reporting & Executive Enablement
- Deliver a POC performance dashboard showing detection efficiency, event correlation improvements, and mean-time-to-detect (MTTD) reductions.
- Present POC results to the CISO and Risk Leadership Team, including ROI and a production roadmap.
- Prepare technical handover and operationalization recommendations post-POC.
Technical Skills:
- Splunk Expertise
  - Strong hands-on experience with Splunk Enterprise Security (ES) and Splunk UEBA setup, tuning, and integration.
  - Expertise in data ingestion pipelines, indexing, parsing, CIM mapping, and notable event correlation.
  - Ability to integrate Splunk UEBA with SOAR (Phantom) for automated triage.
- Cybersecurity & Analytics
  - Deep understanding of banking threat models, insider threat, fraud detection, and behavioral analytics.
  - Familiarity with MITRE ATT&CK, NIST, and FFIEC frameworks.
  - Strong command of data correlation, machine learning baselines, and risk-scoring models.
- Integration Knowledge
  - Familiarity with IAM/PAM systems (CyberArk, SailPoint, Okta), SIEM/SOAR, and core banking apps.
  - API-based integrations (REST, HEC, Syslog, Kafka) for streaming telemetry data.
  - Understanding of data governance, privacy controls, and compliance (GLBA, PCI-DSS, SOX).
Qualifications:
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
- 7-10 years total experience, with a minimum of 3 years on Splunk ES/UEBA architecture.
- Splunk certifications preferred:
  - Splunk Enterprise Security Certified Architect
  - Splunk Core Certified Consultant
  - Splunk UEBA Specialist (if available)
- Additional certifications such as CISSP, CISM, or SABSA are an advantage.