Job Details
Job Description:
The Splunk UEBA Solution Architect will lead the design, deployment, and validation of a Proof-of-Concept (POC) for the Splunk User and Entity Behavior Analytics (UEBA) platform in a banking environment.
This role requires deep understanding of financial use cases, insider threat detection, fraud correlation, and compliance-driven monitoring, along with hands-on experience in Splunk Enterprise Security (ES) and UEBA architecture design.
The goal is to demonstrate value realization of UEBA through measurable detection efficacy, integration readiness, and business alignment with banking risk domains.
Years of experience needed: 12+ years of Cybersecurity Program Management experience, with 3+ years on Splunk ES/UEBA architecture.
Key Responsibilities:
1. POC Planning & Architecture
- Define POC objectives, scope, and success criteria aligned with the bank's cybersecurity roadmap.
- Design Splunk UEBA architecture integrated with Splunk ES, SOAR, and core banking data sources.
- Prepare high-level and low-level architecture diagrams, data flow designs, and source mapping matrices.
- Collaborate with client stakeholders (CISO, SOC, Fraud, IAM teams) to finalize use-case priorities.
2. Data Onboarding & Integration
- Identify and onboard critical log sources for UEBA modeling, including:
  - Active Directory, Core Banking Applications, SWIFT, Payment Gateways
  - VPN, Endpoint, DLP, Proxy, and Cloud workloads (AWS / Azure)
  - Identity feeds from SailPoint, CyberArk, Okta, and HR systems
- Develop CIM-compliant data models and enrichment pipelines to enhance user/entity visibility.
3. Use Case Development
- Define the top 5-10 banking-specific UEBA use cases for the POC, e.g.:
  - Privileged account misuse
  - Suspicious fund transfers or SWIFT anomalies
  - Credential sharing between teller and back-office users
  - Unusual login patterns from critical systems
  - High-value transaction anomalies by region or time
- Configure risk scoring models and behavioral baselines for these use cases.
- Correlate UEBA detections with Splunk ES correlation searches and alerting framework.
4. Model Tuning & Validation
- Execute the POC with real-time or replayed data to validate model accuracy, recall, and precision.
- Tune machine learning baselines to minimize false positives and noise.
- Document findings, dashboards, and detection outcomes for executive reporting.
5. Reporting & Executive Enablement
- Deliver a POC performance dashboard showing detection efficiency, event correlation improvements, and mean-time-to-detect (MTTD) reductions.
- Present POC results to CISO and Risk Leadership Team, including ROI and production roadmap.
- Prepare technical handover and operationalization recommendations post-POC.
Technical Skills
Splunk Expertise
- Strong hands-on experience with Splunk Enterprise Security (ES) and Splunk UEBA setup, tuning, and integration.
- Expertise in data ingestion pipelines, indexing, parsing, CIM mapping, and notable event correlation.
- Ability to integrate Splunk UEBA with SOAR (Phantom) for automated triage.
Cybersecurity & Analytics
- Deep understanding of banking threat models, insider threat, fraud detection, and behavioral analytics.
- Familiarity with MITRE ATT&CK, NIST, and FFIEC frameworks.
- Strong command of data correlation, machine learning baselines, and risk-scoring models.
Integration Knowledge
- Familiarity with IAM/PAM systems (CyberArk, SailPoint, Okta), SIEM/SOAR, and Core Banking apps.
- API-based integrations (REST, HEC, Syslog, Kafka) for streaming telemetry data.
- Understanding of data governance, privacy controls, and compliance (GLBA, PCI-DSS, SOX).
Qualifications
- Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
- 7-10 years total experience, with a minimum of 3 years on Splunk ES/UEBA architecture.
- Splunk certifications preferred:
  - Splunk Enterprise Security Certified Architect
  - Splunk Core Certified Consultant
  - Splunk UEBA Specialist (if available)
- Additional certifications such as CISSP, CISM, or SABSA are an advantage.
We are an equal opportunity employer. All aspects of employment, including the decision to hire, promote, discipline, or discharge, will be based on merit, competence, performance, and business needs. We do not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, citizenship/immigration status, veteran status, or any other status protected under federal, state, or local law.