Job Description:
At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.
Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.
Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.
At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!
Position Summary:
We are seeking a Splunk Platform Architect to define, design, and govern the architecture of our enterprise‑scale Splunk ecosystem.
This role is responsible for the end‑to‑end strategy, scalability, resilience, and modernization of a multi‑terabyte/day Splunk Enterprise / Splunk Cloud platform that underpins security monitoring, threat detection, observability, and data‑driven decision‑making across the organization.
The ideal candidate brings deep Splunk architectural expertise, mastery of large‑scale data ingestion, cluster design, SmartStore strategy, and security logging best practices — with the ability to influence executives, engineering teams, and security stakeholders.
Key Responsibilities:
Platform Architecture & Strategy:
- Architect the overall Splunk platform including indexer cluster design, search head cluster architecture, cluster/master node strategy, deployment topology, and integration patterns
- Define and lead capacity planning, data tiering, index strategy, data retention models, and SmartStore object‑store lifecycle
- Drive the platform roadmap: modernization, migration to Splunk Cloud or hybrid, scaling models, performance optimization, and platform hardening
- Own the architectural vision for multi‑site high availability, disaster recovery, resilience engineering, and operational SLOs
- Govern major upgrades, component lifecycle management, and architectural alignment with security and enterprise standards
Security Logging Architecture & SIEM Enablement:
- Architect end‑to‑end security log ingestion pipelines to support SOC, Incident Response, and Threat Hunting.
- Define onboarding patterns for firewalls, EDR, identity providers, cloud telemetry, network analytics, and custom app security events.
- Partner with security teams to architect detection frameworks:
  - correlation search design
  - risk‑based alerting (RBA)
  - data model alignment and CIM mapping
  - summary indexing and dashboards
- Ensure architectural compliance with MITRE ATT&CK, CIS, SOC2, and ISO 27001 logging requirements
Data Engineering & Observability Architecture:
- Architect scalable ingestion flows, HEC pipelines, parsing/props/transforms, and CIM‑aligned field extraction standards.
- Define data lifecycle strategy including tiering, filtering, routing, enrichment, and ingestion optimization to reduce cost and improve visibility.
- Govern search‑performance architecture: knowledge object structuring, data model acceleration, scheduling patterns, and federation strategies.
Governance, Standards & Leadership:
- Define and enforce Splunk architectural standards, naming conventions, data models, dashboards, and development patterns
- Serve as the principal technical authority for all Splunk‑related architecture decisions across Engineering, Cloud, SecOps, and App teams
- Mentor senior engineers and advise leadership on investments, roadmap, and platform expansion
- Maintain architectural documentation, design blueprints, reference guides, and onboarding frameworks
Required Qualifications:
- 7+ years designing and architecting enterprise‑scale Splunk Enterprise or Splunk Cloud platforms
- Proven architectural expertise with:
  - Indexer and search head clustering
  - SmartStore and S3/object‑store design
  - Forwarder topologies (UF/HF)
  - Ingest Actions, props/transforms pipelines
  - RBAC, KVStore, encryption, SAML/ADFS integrations
- Deep background in security logging, SIEM architecture, and detection engineering patterns.
- Expert‑level SPL capabilities including:
  - search optimization
  - data model acceleration / summary indexing
  - CIM normalization
- Strong systems engineering experience with Linux, Python, Bash, Ansible, Terraform, or GitOps automation frameworks
- Ability to influence senior technical and business stakeholders across large enterprise environments
- Communicates complex architectural concepts to both technical and non‑technical audiences
- Leads collaboration across SOC, DevOps, Cloud, Networking, and Application teams to drive unified logging and observability maturity
Desired Qualifications:
- Splunk certifications such as Enterprise Architect, Enterprise Admin, Core Consultant, ES Admin/Analyst
- Architectural experience with:
  - Splunk Enterprise Security (ES)
  - SOAR platforms (Phantom or equivalent)
  - Cloud logging architectures (AWS, Azure, GCP)
- 4-year college degree
- Familiarity with high‑throughput data systems (Kafka, FluentD, Cribl)
- Background in cybersecurity engineering, threat detection, or observability architecture
Skills:
- Financial Management
- Influence
- Solution Delivery Process
- Stakeholder Management
- Technical Strategy Development
- Agile Practices
- Analytical Thinking
- Collaboration
- Result Orientation
- Risk Management
- Business Acumen
- Business Case Analysis
- Data Management
- Solution Design
- Vendor Management
Shift:
1st shift (United States of America)
Hours Per Week:
40
