Splunk Architect / Subject Matter Expert (SME)

Overview

On Site
USD 150,000.00 - 190,000.00 per year
Full Time

Skills

NIST 800-53
FISMA
Real-time
Dashboard
Section 508
Mentorship
Process Automation
Auditing
Mapping
FedRAMP
Regulatory Compliance
OMB
RMF
Risk Management Framework
Stakeholder Engagement
Documentation
Design Of Experiments
Security Clearance
Computer Science
Cyber Security
Splunk
CISSP
CISM
ICS
SCADA
NERC
SAP BASIS
Law
FOCUS

Job Details

Job Description

ECS is seeking a Splunk Architect/Subject Matter Expert (SME) to work remotely. Please Note: This position is contingent upon contract award.

ECS Federal is seeking an experienced Splunk Architect to design, build, and optimize an integrated Splunk SOAR + UBA + Core environment with automated compliance via Qmulos Q-Compliance/Q-Audit for a long-term Federal program. You will lead hybrid (remote-first) engineering efforts that advance the client toward OMB M-21-31 Event Logging Level 3 while mapping evidence to NIST 800-53, FISMA, and NERC CIP.

  • Position Responsibilities:
    • Architect & Engineer Splunk Core, SOAR, and UBA tiers; develop data-ingest blueprints and high-level architecture.
    • Automate Compliance using Q-Compliance/Q-Audit to map controls and produce real-time dashboards.
    • Develop SOAR Playbooks & UBA Models for privileged-account misuse, lateral movement, and OT/IT segmentation alerts.
    • Integrate OT Log Sources via secure one-way transfers and document risk mitigations.
    • Lead Workshops & Knowledge Transfer sessions; create Section 508-compliant diagrams and runbooks.
    • Mentor BPA analysts and junior engineers on Splunk best practices and compliance automation.

Salary Range: $150,000 - $190,000

General Description of Benefits

Required Skills

  • Hands-on Experience
    • 3+ years architecting Splunk Enterprise / Splunk SOAR (Phantom) solutions in federal or critical-infrastructure settings
    • 2+ years deploying Splunk UBA and Qmulos Q-Compliance/Q-Audit, including control mapping to NIST/FedRAMP
  • Proven ability to automate compliance evidence for OMB M-21-31, NIST RMF, and EO 14028 objectives.
  • Strong stakeholder-engagement, documentation, and briefing skills suitable for C-suite and COR audiences.
  • Clearance Requirement:
    • U.S. citizenship and eligibility to obtain a DOE public-trust (Q level) clearance; sponsorship provided
  • Certifications / Licenses:
    • Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related discipline (or equivalent experience).
    • Active Splunk certifications: Splunk Core Certified Admin and Splunk SOAR Certified Automation Developer
    • Preferred: Splunk Certified Architect, CISSP, CISM, or Qmulos Certified Professional.


Desired Skills

  • Additional Experience Preferred:
    • OT / ICS security credentials such as GICSP or ISA/IEC 62443 and experience protecting SCADA environments
    • Prior work in NERC CIP, Zero-Trust architectures, or large utility / critical-infrastructure settings.


ECS is an equal opportunity employer and does not discriminate or allow discrimination on the basis of any characteristic protected by law. All qualified applicants will receive consideration for employment without regard to disability, status as a protected veteran or any other status protected by applicable federal, state, or local jurisdiction law.

ECS is a leading mid-sized provider of technology services to the United States Federal Government. We are focused on people, values and purpose. Every day, our 3800+ employees focus on providing their technical talent to support the Federal Agencies and Departments of the US Government to serve, protect and defend the American People.