Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities, and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates' physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
Position Summary:
We are seeking a Splunk Platform Architect to define, design, and govern the architecture of our enterprise-scale Splunk ecosystem.
This role is responsible for the end-to-end strategy, scalability, resilience, and modernization of a multi-terabyte/day Splunk Enterprise / Splunk Cloud platform that underpins security monitoring, threat detection, observability, and data-driven decision-making across the organization.
The ideal candidate brings deep Splunk architectural expertise, mastery of large-scale data ingestion, cluster design, SmartStore strategy, and security logging best practices, with the ability to influence executives, engineering teams, and security stakeholders.
Key Responsibilities:
Platform Architecture & Strategy:
- Architect the overall Splunk platform, including indexer cluster design, search head cluster architecture, cluster/master node strategy, deployment topology, and integration patterns
- Define and lead capacity planning, data tiering, index strategy, data retention models, and SmartStore object-store lifecycle
- Drive the platform roadmap: modernization, migration to Splunk Cloud or hybrid scaling models, performance optimization, and platform hardening
- Own the architectural vision for multisite high availability, disaster recovery, resilience engineering, and operational SLOs
- Govern major upgrades, component lifecycle management, and architectural alignment with security and enterprise standards
Security Logging Architecture & SIEM Enablement:
- Architect end-to-end security log ingestion pipelines to support SOC, Incident Response, and Threat Hunting.
- Define onboarding patterns for firewalls, EDR, identity providers, cloud telemetry, network analytics, and custom app security events.
- Partner with security teams to architect detection frameworks:
- Ensure architectural compliance with MITRE ATT&CK, CIS, SOC2, and ISO 27001 logging requirements
Data Engineering & Observability Architecture:
- Architect scalable ingestion flows, HEC pipelines, parsing/props/transforms, and CIM-aligned field extraction standards.
- Define data lifecycle strategy, including tiering, filtering, routing, enrichment, and ingestion optimization to reduce cost and improve visibility.
- Govern search-performance architecture: knowledge object structuring, data model acceleration, scheduling patterns, and federation strategies.
Governance, Standards & Leadership:
- Define and enforce Splunk architectural standards, naming conventions, data models, dashboards, and development patterns
- Serve as the principal technical authority for all Splunk-related architecture decisions across Engineering, Cloud, SecOps, and App teams
- Mentor senior engineers and advise leadership on investments, roadmap, and platform expansion
- Maintain architectural documentation, design blueprints, reference guides, and onboarding frameworks
Required Qualifications:
- 7 years designing and architecting enterprise-scale Splunk Enterprise or Splunk Cloud platforms
- Proven architectural expertise with:
  - Indexer and search head clustering
  - SmartStore and S3/object-store design
  - Forwarder topologies (UF/HF)
  - Ingest Actions, props/transforms pipelines
  - RBAC, KVStore, encryption, SAML/ADFS integrations
- Deep background in security logging, SIEM architecture, and detection engineering patterns.
- Expert-level SPL capabilities, including:
- Strong systems engineering experience with Linux, Python, Bash, Ansible, Terraform, or GitOps automation frameworks
- Ability to influence senior technical and business stakeholders across large enterprise environments
- Communicates complex architectural concepts to both technical and non-technical audiences
- Leads collaboration across SOC, DevOps, Cloud, Networking, and Application teams to drive unified logging and observability maturity
Desired Qualifications:
- Splunk certifications such as Enterprise Architect, Enterprise Admin, Core Consultant, ES Admin/Analyst
- Architectural experience with:
- 4-year college degree
- Familiarity with high-throughput data systems (Kafka, FluentD, Cribl)
- Background in cybersecurity engineering, threat detection, or observability architecture
Skills:
Shift:
1st shift (United States of America)
Hours Per Week:
40
Required Experience:
Staff IC
What would you like the power to do? At Bank of America, our purpose is to help make financial lives better through the power of every connection.