CACI International Splunk Enterprise Security Architect in Reston, Virginia

Job Description

What You’ll Get to Do:

The Splunk Enterprise Security Application Architect provides expertise and a specialized Splunk related focus on enterprise-level machine data analytics supporting mission critical information systems in a dynamic, fast-paced environment.

More About the Role:

  • Cyber Security analysis of IT security logs and threat signatures to identify unauthorized behaviors, system attacks/viruses/malware, vulnerabilities, and non-compliant configurations.

  • Design, implement, and optimize Splunk applications (to include Enterprise Security), queries, knowledge objects, and data models.

  • Design, implement, optimize, and sustain data feeds, system-to-system integration, and REST application interfaces to Splunk.

  • Develop custom scripts to facilitate automation, integration, and operational efficiencies.

  • Identify and collect machine and non-machine data sets.

  • Identify potential threats and malicious behavior, and develop methods for alerting and monitoring within Splunk.

  • Develop new dashboards, searches, and alerts to enhance Enterprise Security use cases.

  • Collaborate with other engineers and analysts to enhance development of actionable business intelligence, troubleshoot performance issues, and combat threats.

  • Educate management and peers about Splunk-related issues; Maintain compliance with security regulations and guidelines.

You’ll Bring These Qualifications:

  • 5 years minimum experience with architecting, engineering, deploying, maintaining, and utilizing Security Incident Event Management (SIEM) applications plus 1 plus years’ experience with Splunk Enterprise Security Premium Application and Splunk Enterprise.

  • 1-year minimum experience with Amazon AWS Cloud Services architecture.

  • 1-year minimum experience with Splunk Enterprise Security application development.

  • Demonstrated expert-level knowledge of Linux systems.

  • Demonstrated knowledge of Regular Expression, DNS, DHCP, and file storage technologies.

  • Demonstrated experience with Incident Management business processes (customer experience preferred).

  • Ability to research and clearly articulate (both verbally and in writing) recommended solutions.

  • Demonstrated aptitude for analytical thinking, problem solving, and working multiple tasks concurrently.

  • Exceptional interpersonal skills with the ability to work in a team-oriented collaborative environment.

  • Bachelor’s degree and 8 plus years relevant experience or equivalent

  • TS SCI with Poly clearance required

  • Required certifications:

  • Advanced Splunk certifications

  • Linux

  • Amazon Web Services (AWS)

  • CCNA

  • MCSE or equivalent

  • ITIL

  • DevOps and Agile experience

These Qualifications Would be Nice to Have:

  • Experience with Splunk’s IT Service Intelligence (ITSI) app

  • Experience using command-line interfaces, scripting (such as PowerShell) and queries (such as T-SQL)

  • Task automation via BASH, Python, Rest, Powershell

  • Demonstrated experience with physical and virtual server architecture and network fundamentals

  • Knowledge of cyber threat hunting and cyber incident response

What We Can Offer You:

  • We’ve been named a Best Place to Work by the Washington Post.

  • Our employees value the flexibility at CACI that allows them to balance quality work and their personal lives.

  • We offer competitive benefits and learning and development opportunities.

  • We are mission-oriented and ever vigilant in aligning our solutions with the nation’s highest priorities.

  • For over 55 years, the principles of CACI’s unique, character-based culture have been the driving force behind our success.


Job Location


CACI employs a diverse range of talent to create an environment that fuels innovation and fosters continuous improvement and success. At CACI, you will have the opportunity to make an immediate impact by providing information solutions and services in support of national security missions and government transformation for Intelligence, Defense, and Federal Civilian customers. CACI is proud to provide dynamic careers for employees worldwide. CACI is an Equal Opportunity Employer - Females/Minorities/Protected Veterans/Individuals with Disabilities.