Sr. Cyber Defense Architect

We are seeking a Sr. Cyber Defense Architect who brings together deep expertise across offensive cyber techniques, blue-team defensive operations, and Splunk engineering to build, evaluate, and strengthen enterprise security from the kernel to the application layer. This is not a traditional SOC analyst or Splunk admin role.
This role requires someone who:

• Understands how systems can be exploited at the OS, kernel, and application levels
• Knows how those attacks appear in logs, memory, and telemetry
• Can architect, tune, and maintain Splunk Enterprise ingestion and SPL analytics
• Can evaluate vulnerabilities based on real system impact, not just headlines
• Can communicate across red, blue, and purple team environments
• Can translate raw system behavior into accurate detections, policies, and risk decisions

This is a highly technical, hands-on role aimed at building a more resilient, detection-driven security posture

Key Responsibilities:

Offensive Understanding & Adversary Insight

• Analyze and explain how exploits interact with CPU rings, kernels, drivers, and OS structures.
• Identify exploitation paths, misconfigurations, and lateral movement opportunities.
• Demonstrate attacker methods and help design the defenses to stop them.

• Investigate alerts with a deep understanding of how system internals behave under attack.
• Conduct root cause analysis across logs, processes, memory, and network activity.
• Build detection logic tied directly to attacker behavior, not generic signatures.

• Perform proactive, hypothesis-driven hunts across enterprise telemetry.
• Map hunt results to attack chains and OS-level artifacts.
• Identify blind spots and propose visibility improvements.

• Administer Splunk Enterprise, including data ingestion, parsing, indexes, and forwarders.
• Develop high-fidelity SPL queries, dashboards, correlation searches, and threat detections.
• Normalize logs for consistent detection across OS, network, cloud, containers, and application layers.
• Ensure logs reflect true system behavior, not noisy or low-value events.

• Explain OS behavior from kernel mode to user mode and across the rings of control.
• Understand memory management, syscalls, interrupts, drivers, services, and authentication flows.
• Diagnose Linux and Windows artifacts that signal compromise or misconfiguration.

• Understand how VMs virtualize hardware and how containers share the kernel.
• Evaluate how vulnerabilities behave differently in VM vs containerized environments.
• Assess whether a vulnerability is meaningful based on system architecture and exposure.

• Assess vulnerability severity in context—not every critical CVE is a critical risk.
• Provide recommendations on which vulnerabilities are operationally relevant.
• Shape detection, hardening, and response policies based on real technical behavior.
• Support leadership by translating system-level findings into clear, actionable guidance.

Minimum Qualifications

Clearance: Active TS/SCI with CI Polygraph

Required Technical Expertise

• Deep understanding of Linux and Windows internals, including kernel functions, process behavior, memory, and logging.
• Strong hands-on experience with offensive tooling, exploitation concepts, and attacker tradecraft.
• Strong defensive background in SOC operations, detection engineering, and threat analysis.
• Ability to build and optimize raw SPL, develop detections, and administer Splunk data flows.
• Understanding of network stacks, OSI model behavior in the OS, and how telemetry is generated.

• Comfortable switching between attacker mindset and defender mindset.
• Able to articulate complex system interactions clearly and accurately.
• Understands system impact and can differentiate theoretical vs practical risk.
• Capable of building detections from first principles—understanding the behavior itself, not relying on feeds.

• Strong communication skills across technical and non-technical stakeholders.
• Ability to walk red, blue, and purple team members through system-level logic.
• Detail-oriented thinker who can contextualize threats within mission needs.

• Senior Red Team Operator with Blue Team experience
• Senior SOC Analyst with OS internals and detection engineering background
• Splunk Engineer with adversary and system knowledge
• Cyber Defense Operator with purple team exposure
• Security Architect with hands-on operational experience

Compensation & Benefits

Salary Range: $200,000 – $255,000 annually
Final compensation will depend on experience, qualifications, internal equity, and market data. DarkStar provides a competitive and comprehensive benefits package for full-time employees.

Additional Details

Travel: Minimal
Work Environment: On-site at Fort Meade, MD

Security Note

All applicants must be U.S. citizens and maintain eligibility for a U.S. government security clearance.

About DarkStar Intelligence

DarkStar Intelligence is a Service-Disabled Veteran-Owned Small Business (SDVOSB) committed to advancing national security through mission support and tradecraft development. We prioritize both client satisfaction and employee retention, delivering high-quality, intelligence-based solutions grounded in our “Core Four” values:

• Humility: We place mission success above personal recognition.
• Passion: We bring enthusiasm and dedication to every challenge.
• Agility: We adapt quickly to evolving operational needs.
• Ownership: We hold ourselves accountable for results and uphold the highest standards of excellence.

We are mission-driven and results-oriented, striving to make our country safer through every task we undertake.

Equal Employment Opportunity (EEO) Commitment

At DarkStar Intelligence LLC, we are committed to maintaining a professional and legally compliant work environment where individuals are treated with respect and fairness. We adhere strictly to all applicable Equal Employment Opportunity (EEO) laws and regulations.

Employment decisions at DarkStar are made solely on the basis of individual qualifications, performance, and business needs. We prohibit discrimination in all aspects of employment—including hiring, compensation, promotion, training, discipline, and termination—on the basis of: Race or color, Religion, Sex (including pregnancy, sexual orientation, and gender identity), National origin, Age, Disability, Genetic information, Veteran status. Or any other status protected by applicable federal, state, or local law

Our EEO standards are embedded in all employment practices to ensure compliance, fairness, and accountability. We enforce a zero-tolerance policy for unlawful discrimination or harassment and encourage employees to report concerns without fear of retaliation.

EEO Flyer: shorturl.at/abpNX

Employee Benefits

DarkStar Intelligence provides a competitive and comprehensive benefits package to support the health, financial stability, and personal well-being of our team members.

Core Benefits for employees:

• Health Coverage: Medical, dental, and vision plans
• Income Protection: Life insurance, short-term disability, and long-term disability
• Retirement Planning: 401(k) plan with employer contributions
• Work-Life Support: Employee Assistance Program (EAP) and legal services
• Paid Leave: Generous PTO, 11 paid federal holidays, and one floating holiday

Voluntary Benefits:

• Legal & Identity Protection: LegalShield and IDShield
• Additional Insurance: Whole life, accident, and critical care coverage

We believe in recognizing and supporting the professionals who make our mission possible. Your well-being is an investment in our collective success.