Senior Splunk Architect (Hybrid)

Job no: 5096555
Position type: Full-Time (Salaried)
Location: Richmond (City), Virginia
Division/Equivalent: Virginia Retirement System
School/Unit: Virginia Retirement System
Categories: Information Technology


Title: Senior Splunk Architect (Hybrid)

State Role Title: Salary Non-Specified

Hiring Range: 155,000-170,0000

Pay Band: UG

Agency: Virginia Retirement System

Location: Virginia Retirement System

Agency Website: www.varetire.org/careers

Recruitment Type: General Public - G

Job Duties

The Senior Splunk Architect is responsible for assisting with designing, implementing, and optimizing VRS’ Splunk environment to support enterprise-scale data ingestion, security monitoring, IT operations, and analytics. This role helps drive high performance, scalability, and compliance with organizational security standards. The role also requires collaboration with cross-functional teams to deliver actionable insights from log data and enhance the organization’s insights and security posture.

Architecture & Design
o Assist in designing and implementing scalable, resilient Splunk Enterprise and Splunk Cloud architectures (including indexers, search heads, forwarders, and deployment servers).
o Help to define and contribute to best practices for data onboarding, parsing, and normalization.
o Support the design of multi-site, distributed Splunk environments for performance and disaster recovery.

Implementation & Integration
o Deploy and configure Splunk Enterprise Security (ES) or Splunk Cloud components, including indexers, search heads, forwarders, and deployment servers.
o Deploy and configure Splunk components (Enterprise, Universal Forwarders, Heavy Forwarders).
o Maintain and optimize Splunk environments for scalability, high availability, and performance.
o Assist in managing data ingestion pipelines from diverse data sources (syslog, APIs, cloud logs, databases, etc.).
o Implement and maintain index configurations, props/transforms, and data parsing logic.
o Integrate Splunk with other enterprise systems.
o Develop and maintain custom apps, dashboards, and alerts tailored to business needs.

Data Management & Optimization
o Help oversee data ingestion from multiple sources, including syslog, APIs, and cloud services.
o Optimize indexing, search performance, and storage strategies to ensure cost-effective operations.
o Implement data retention, archival, and lifecycle management policies.
o Assist in designing and developing advanced dashboards, reports, and alerts using SPL (Search Processing Language).
o Tune search performance, optimize indexing strategies, and manage data lifecycle policies.

Governance & Security
o Support the development and enforcement of Splunk governance, user roles, and access control frameworks.
o Ensure data security and compliance with enterprise and regulatory standards (e.g., NIST 800-53, SEC530).
o Demonstrate technical expertise in incident response and forensic investigations using Splunk.

Additional Responsibilities
o Collaborate with DevOps and IT operations teams to maximize Splunk value across the enterprise.
o Stay current on new Splunk features, add-ons, and industry trends to guide strategic improvements.

Minimum Qualifications

Eight (8) years of experience in SIEM architecture, engineering, or administration.

Experience designing and managing large, distributed Splunk environments.
Hands-on experience with Splunk Enterprise Security (ES).
Strong knowledge of Linux/Unix systems, networking, and data security concepts. Proficiency with scripting and automation. Familiarity with cloud infrastructure (AWS, Azure, or GCP) and hybrid Splunk deployments.

Additional Considerations

Bachelor’s degree in computer science or a related field preferred.

Experience in SIEM engineering, SOC operations, or cybersecurity analytics, Scripting AI, SASE, or Cloud Security. Comprehensive knowledge in multiple disciplines and areas within information technology. Ability to apply and support enforcement of information security principles and policies. Understanding of network protocols, operating systems, firewalls, anti-malware software and intrusion detection systems is preferred.

Excellent verbal and written communication skills. Ability to prioritize own work activities with minimal guidance and complete complex projects independently with minimal oversight and direction. Ability to manage competing priorities to meet goals. Ability to motivate others to implement security controls and policies. Good time management skills, and the ability to maintain integrity and ethics in all actions and conversations with or regarding VRS solutions.

Demonstrated ability to:
• Respond to security incidents as a member of the incident response team.
• Review daily threats, identify risks, and ensure appropriate mitigations are applied.
• Perform intrusion detection activities and risk mitigation.
• Work with IT team members to develop policies, enhance security standards, and harden IT systems.
• Implement appropriate countermeasures based on alerts and security scans.
• Stay current on emerging security technologies and industry vulnerability bulletins.
• Document results and recommendations from security reviews.
• Ensure the Confidentiality, Integrity and Availability of systems and services through proactive monitoring and response.
• Participate in Disaster Recovery Planning.
• Evaluate effectiveness of services provided and recommend changes in procedures to meet security best practices.
• Ensure security tools are fully configured and providing operational value as part of a continuous improvement process.
• Collaborate with technology leadership to develop KPIs for security alerts and response.
• Participate in on-call rotation that provides technology support outside of normal business hours.
• All other duties as assigned.

Special Instructions

VRS is unable to provide sponsorship for this position now or in the future. Applicants must have authorization to work in the United States without the need for sponsorship now or in the future.

The current hybrid schedule for technology employees is 3 days onsite in Richmond, VA (Tuesday, Wednesday and Thursday) and 2 days remote (Monday and Friday). All employees must be able to work the current hybrid schedule and report to the office as needed on designated remote days.

You will be provided a confirmation of receipt when your application and/or résumé is submitted successfully. Please refer to “Your Application” in your account to check the status of your application for this position.

Contact Information

Name: Human Resources

Email: careers@varetire.org

 

In support of the Commonwealth’s commitment to inclusion, we are encouraging individuals with disabilities to apply through the Commonwealth Alternative Hiring Process. To be considered for this opportunity, applicants will need to provide their AHP Letter (formerly COD) provided by the Department for Aging & Rehabilitative Services (DARS), or the Department for the Blind & Vision Impaired (DBVI). Service-Connected Veterans are encouraged to answer Veteran status questions and submit their disability documentation, if applicable, to DARS/DBVI to get their AHP Letter. Requesting an AHP Letter can be found at AHP Letter or by calling DARS at 800-552-5019.

Note: Applicants who received a Certificate of Disability from DARS or DBVI dated between April 1, 2022- February 29, 2024, can still use that COD as applicable documentation for the Alternative Hiring Process.
