Splunk Architect / Subject Matter Expert (SME)

ECS is seeking a Splunk Architect / Subject Matter Expert (SME) to work remotely. Please Note: This position is contingent upon contract award.

ECS Federal is seeking an experienced Splunk Architect to design, build, and optimize an integrated Splunk SOAR + UBA + Core environment with automated compliance via Qmulos Q‑Compliance/Q‑Audit for a long‑term Federal program. You will lead hybrid (remote‑first) engineering efforts that advance the client toward OMB M‑21‑31 Event Logging Level 3 while mapping evidence to NIST 800‑53, FISMA, and NERC CIP.

• Position Responsibilities:

  • Architect & Engineer Splunk Core, SOAR, and UBA tiers; develop data‑ingest blueprints and high‑level architecture.
  • Automate Compliance using Q‑Compliance/Q‑Audit to map controls and produce real‑time dashboards.
  • Develop SOAR Playbooks & UBA Models for privileged‑account misuse, lateral movement, and OT/IT segmentation alerts.
  • Integrate OT Log Sources via secure one‑way transfers and document risk mitigations.
  • Lead Workshops & Knowledge Transfer sessions; create Section 508‑compliant diagrams and runbooks.
  • Mentor BPA analysts and junior engineers on Splunk best practices and compliance automation.

Salary Range: $150,000 - $190,000

General Description of Benefits

• Hands‑on Experience
• 3 + years architecting Splunk Enterprise / Splunk SOAR (Phantom) solutions in federal or critical‑infrastructure settings
• 2 + years deploying Splunk UBA and Qmulos Q‑Compliance/Q‑Audit, including control mapping to NIST/FedRAMP
• Proven ability to automate compliance evidence for OMB M‑21‑31, NIST RMF, and EO 14028 objectives.
• Strong stakeholder‑engagement, documentation, and briefing skills suitable for C‑suite and COR audiences.

• Clearance Requirement:

  • U.S. citizenship and eligibility to obtain a DOE public‑trust (Q level) clearance; sponsorship provided

• Certifications / Licenses:

  • Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or related discipline (or equivalent experience).
  • Active Splunk certifications: Splunk Core Certified Admin and Splunk SOAR Certified Automation Developer
  • Preferred: Splunk Certified Architect, CISSP, CISM, or Qmulos Certified Professional.

Originally posted on Himalayas