
Splunk Architect / Subject Matter Expert (SME)

ECS
Full-time
On-site
Works from home
ECS is seeking a Splunk Architect / Subject Matter Expert (SME) to work
remotely. Please note: This position is contingent upon contract award.

ECS Federal is seeking an experienced Splunk Architect to design, build, and
optimize an integrated Splunk SOAR + UBA + Core environment with automated
compliance via Qmulos Q‑Compliance/Q‑Audit for a long‑term Federal program. You
will lead hybrid (remote‑first) engineering efforts that advance the client
toward OMB M‑21‑31 Event Logging Level 3 while mapping evidence to NIST 800‑53,
FISMA, and NERC CIP.

Position Responsibilities:

* Architect & Engineer Splunk Core, SOAR, and UBA tiers; develop data‑ingest
blueprints and high‑level architecture.
* Automate Compliance using Q‑Compliance/Q‑Audit to map controls and produce
real‑time dashboards.
* Develop SOAR Playbooks & UBA Models for privileged‑account misuse, lateral
movement, and OT/IT segmentation alerts.
* Integrate OT Log Sources via secure one‑way transfers and document risk
mitigations.
* Lead Workshops & Knowledge Transfer sessions; create Section 508‑compliant
diagrams and runbooks.
* Mentor BPA analysts and junior engineers on Splunk best practices and
compliance automation.

Salary Range: $150,000 - $190,000

General Description of Benefits [https://ecstech.com/careers/benefits]

Qualifications
* Hands‑on Experience:
  * 3+ years architecting Splunk Enterprise / Splunk SOAR (Phantom) solutions
  in federal or critical‑infrastructure settings
  * 2+ years deploying Splunk UBA and Qmulos Q‑Compliance/Q‑Audit, including
  control mapping to NIST/FedRAMP

* Proven ability to automate compliance evidence for OMB M‑21‑31, NIST RMF, and
EO 14028 objectives.
* Strong stakeholder‑engagement, documentation, and briefing skills suitable
for C‑suite and COR audiences.

Clearance Requirement:

* U.S. citizenship and eligibility to obtain a DOE public‑trust (Q level)
clearance; sponsorship provided

Certifications / Licenses:

* Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or
related discipline (or equivalent experience).
* Active Splunk certifications: Splunk Core Certified Admin and
Splunk SOAR Certified Automation Developer
* Preferred: Splunk Certified Architect, CISSP, CISM, or Qmulos Certified
Professional.