Senior Splunk Architect (Hybrid)

DHRM

Job Location:

Richmond, VA - USA

Monthly Salary: Not Disclosed
Posted on: 11 hours ago
Vacancies: 1 Vacancy

Job Summary

Title: Senior Splunk Architect (Hybrid)

State Role Title: Salary Non-Specified

Hiring Range: 000

Pay Band: UG

Agency: Virginia Retirement System

Location: Virginia Retirement System

Agency Website: Type: General Public - G

Job Duties

The Senior Splunk Architect is responsible for assisting with designing, implementing, and optimizing the VRS Splunk environment to support enterprise-scale data ingestion, security monitoring, IT operations, and analytics. This role helps drive high performance, scalability, and compliance with organizational security standards. The role also requires collaboration with cross-functional teams to deliver actionable insights from log data and enhance the organization's insights and security posture.

Architecture & Design
o Assist in designing and implementing scalable, resilient Splunk Enterprise and Splunk Cloud architectures (including indexers, search heads, forwarders, and deployment servers).
o Help to define and contribute to best practices for data onboarding, parsing, and normalization.
o Support the design of multi-site distributed Splunk environments for performance and disaster recovery.

Implementation & Integration
o Deploy and configure Splunk Enterprise Security (ES) or Splunk Cloud components, including indexers, search heads, forwarders, and deployment servers.
o Deploy and configure Splunk components (Enterprise, Universal Forwarders, Heavy Forwarders).
o Maintain and optimize Splunk environments for scalability, high availability, and performance.
o Assist in managing data ingestion pipelines from diverse data sources (syslog, APIs, cloud logs, databases, etc.).
o Implement and maintain index configurations, props/transforms, and data parsing logic.
o Integrate Splunk with other enterprise systems.
o Develop and maintain custom apps, dashboards, and alerts tailored to business needs.

Data Management & Optimization
o Help oversee data ingestion from multiple sources, including syslog, APIs, and cloud services.
o Optimize indexing, search performance, and storage strategies to ensure cost-effective operations.
o Implement data retention, archival, and lifecycle management policies.
o Assist in designing and developing advanced dashboards, reports, and alerts using SPL (Search Processing Language).
o Tune search performance, optimize indexing strategies, and manage data lifecycle policies.

Governance & Security
o Support the development and enforcement of Splunk governance, user roles, and access control frameworks.
o Ensure data security and compliance with enterprise and regulatory standards (e.g., NIST 800-53, SEC530).
o Demonstrate technical expertise in incident response and forensic investigations using Splunk.

Additional Responsibilities
o Collaborate with DevOps and IT operations teams to maximize Splunk value across the enterprise.
o Stay current on new Splunk features, add-ons, and industry trends to guide strategic improvements.

Minimum Qualifications

Eight (8) years of experience in SIEM architecture, engineering, or administration.

Experience designing and managing large distributed Splunk environments.
Hands-on experience with Splunk Enterprise Security (ES).
Strong knowledge of Linux/Unix systems, networking, and data security concepts. Proficiency with scripting and automation. Familiarity with cloud infrastructure (AWS, Azure, or GCP) and hybrid Splunk deployments.

Additional Considerations

Bachelor's degree in computer science or related field preferred.

Experience in SIEM engineering, SOC operations, or cybersecurity analytics, Scripting, AI, SASE, or Cloud Security. Comprehensive knowledge in multiple disciplines and areas within information technology. Ability to apply and support enforcement of information security principles and policies. Understanding of network protocols, operating systems, firewalls, anti-malware software, and intrusion detection systems is preferred.

Excellent verbal and written communication skills. Ability to prioritize own work activities with minimal guidance and complete complex projects independently with minimal oversight and direction. Ability to manage competing priorities to meet goals. Ability to motivate others to implement security controls and policies. Good time management skills and the ability to maintain integrity and ethics in all actions and conversations with or regarding VRS solutions.

Demonstrated ability to:
Respond to security incidents as a member of the incident response team.
Review daily threats, identify risks, ensure appropriate mitigations are applied.
Perform intrusion detection activities and risk mitigation.
Work with IT team members to develop policies, enhance security standards, and harden IT systems.
Implement appropriate countermeasures required based on alerts and security scans.
Stay current on emerging security technologies and industry vulnerability bulletins.
Document results and recommendations from security reviews.
Ensure the Confidentiality, Integrity, and Availability of systems and services through proactive monitoring and response.
Participate in Disaster Recovery Planning.
Evaluate effectiveness of services provided and recommend changes in procedures to meet security best practices.
Ensure security tools are fully configured and providing operational value as part of a continuous improvement process.
Collaborate with technology leadership to develop KPIs for security alerts and response.
Participate in on-call rotation that provides technology support outside of normal business hours.
All other duties as assigned.

Special Instructions

VRS is unable to provide sponsorship for this position now or in the future. Applicants must have authorization to work in the United States without the need for sponsorship now or in the future.

The current hybrid schedule for technology employees is 3 days onsite in Richmond, VA (Tuesday, Wednesday, and Thursday) and 2 days remote (Monday and Friday). All employees must be able to work the current hybrid schedule and report to the office as needed on designated remote days.

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to Your Application in your account to check the status of your application for this position.

Contact Information

Name: Human Resources

Email:

In support of the Commonwealth's commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS) or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at .

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022 - February 29, 2024 can still use that COD as applicable documentation for the Alternative Hiring Process.


Required Experience:

Senior IC


Key Skills

  • Apache Hive
  • S3
  • Redshift
  • Spark
  • AWS
  • Solr
  • NoSQL
  • Data Warehouse
  • Internet Of Things
  • Kafka
  • DynamoDB
  • ZooKeeper

About Company

The official website of the Commonwealth of Virginia. Learn about Virginia government, contact a state agency, and find the services and resources you need.
