Brooksource

Security Architect

Remote

United States

Mid level

Freelance

10-09-2025

Skills

Leadership, Python, Bash, PowerShell, Incident Response, Cloud Security, Splunk, DevOps, Kubernetes, Monitoring, Ansible, Architecture, Linux, Organization, Azure, AWS, Analytics, GCP

Job Specifications

Cloud Security Architect-Splunk

**Unable to Provide Sponsorship or do C2C**

We are seeking an experienced Splunk Architect to design, implement, and optimize enterprise-level Splunk deployments for our organization. The ideal candidate will lead the development and integration of Splunk solutions that support monitoring, security, compliance, and operational visibility. You will collaborate with cross-functional teams to ensure the scalability, reliability, and performance of our logging and analytics environment.

Key Responsibilities:

Architect and implement Splunk infrastructure, including indexers, search heads, deployment servers, forwarders, and clusters.
Develop and maintain dashboards, data models, reports, and alerts to meet business and security requirements.
Ingest and normalize data from diverse sources including logs, metrics, cloud environments (AWS, Azure, GCP), and third-party APIs.
Design and enforce Splunk best practices for performance, scalability, and security.
Provide technical leadership and mentoring to junior Splunk engineers and analysts.
Collaborate with Security, DevOps, Infrastructure, and Application teams to drive observability and incident response capabilities.
Automate ingestion, parsing, and enrichment processes using scripts (e.g., Python, Bash), apps, and custom configurations.
Troubleshoot Splunk performance issues and implement tuning recommendations.
Maintain documentation related to architecture, configurations, and standard operating procedures.
Stay current with new Splunk features, industry trends, and emerging technologies.

Required Qualifications:

Bachelor's degree in Computer Science, Information Technology, or related field; equivalent experience considered.
5+ years of experience in designing and managing large-scale Splunk environments.
Deep understanding of Splunk Enterprise, Splunk Cloud, and Splunk Enterprise Security (ES).
Expertise in data onboarding, sourcetypes, parsing, and field extractions using props and transforms.
Strong knowledge of SPL (Search Processing Language) and data modeling (e.g., CIM).
Experience with distributed Splunk architectures including clustering and high availability.
Familiarity with automation tools and scripting (e.g., Python, Ansible, PowerShell).
Knowledge of security standards (NIST, ISO 27001) and compliance frameworks (HIPAA, PCI-DSS, etc.).
Hands-on experience with Linux/Unix systems and command-line tools.

Preferred Qualifications:

Splunk Certified Architect and/or Splunk Certified Admin.
Experience with ITSI, SOAR (Phantom), or custom Splunk apps.
Familiarity with SIEM and SOC operations.
Experience with cloud-native logging solutions and integrations (CloudWatch, Stackdriver, etc.).
Understanding of container technologies and observability in Kubernetes environments.

What We Offer:

Competitive salary and performance bonuses
Flexible work schedule and remote opportunities
Health, dental, and vision insurance
Professional development and certification support
Collaborative team environment with a focus on innovation

About the Company

Here at Brooksource, relationships are at the center of everything we do. Since 2000, we have established and maintained lasting relationships with our clients, consultants, and internal employees to create an unparalleled experience. Brooksource is a trusted provider of Engineering & Technology solutions for Fortune 500 organizations, specializing in Experience-Driven Staffing, Professional Services, and our innovative Workforce Transformation program, Elevate. Leveraging our partnerships with Salesforce, AWS, Microsoft, ...