Splunk Architect / Subject Matter Expert (SME)

ECS is seeking a Splunk Architect / Subject Matter Expert (SME) to work remotely . Please Note: This position is contingent upon contract award. ECS Federal is seeking an experienced Splunk Architect to design, build, and optimize an integrated Splunk SOAR + UBA + Core environment with automated compliance via Qmulos Q‑Compliance/Q‑Audit for a long‑term Federal program. You will lead hybrid (remote‑first) engineering efforts that advance the client toward OMB M‑21‑31 Event Logging Level 3 while mapping evidence to NIST 800‑53, FISMA, and NERC CIP. Position Responsibilities: Architect & Engineer Splunk Core, SOAR, and UBA tiers; develop data‑ingest blueprints and high‑level architecture. Automate Compliance using Q‑Compliance/Q‑Audit to map controls and produce real‑time dashboards. Develop SOAR Playbooks & UBA Models for privileged‑account misuse, lateral movement, and OT/IT segmentation alerts. Integrate OT Log Sources via secure one‑way transfers and document risk mitigations. Lead Workshops & Knowledge Transfer sessions; create Section 508‑compliant diagrams and runbooks. Mentor BPA analysts and junior engineers on Splunk best practices and compliance automation. Salary Range: $150,000 - $190,000 General Description of Benefits Qualifications Hands‑on Experience 3 + years architecting Splunk Enterprise / Splunk SOAR (Phantom) solutions in federal or critical‑infrastructure settings 2 + years deploying Splunk UBA and Qmulos Q‑Compliance/Q‑Audit, including control mapping to NIST/FedRAMP Proven ability to automate compliance evidence for OMB M‑21‑31, NIST RMF, and EO 14028 objectives. Strong stakeholder‑engagement, documentation, and briefing skills suitable for C‑suite and COR audiences. Clearance Requirement: U.S. citizenship and eligibility to obtain a DOE public‑trust (Q level) clearance; sponsorship provided Certifications / Licenses: Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or related discipline (or equivalent experience). Active Splunk certifications : Splunk Core Certified Admin and Splunk SOAR Certified Automation Developer Preferred: Splunk Certified Architect , CISSP, CISM, or Qmulos Certified Professional. Originally posted on Himalayas