Splunk Architect / SOC Analyst

We are seeking a Splunk Architect / SOC Analyst who can operate at the intersection of security engineering, threat analysis, and defensive operations. This role requires someone capable of designing and maintaining log and telemetry pipelines, leading investigations, and contributing to policy shaping based on real-world security findings. The ideal candidate brings a balanced combination of red-team awareness, blue-team defensive skill, and purple-team communication, enabling them to understand attacker behavior, detect malicious activity, and strengthen enterprise defenses. This is a hands-on, on-site role that requires strong technical fundamentals and the ability to explain and defend security decisions.

Key Responsibilities:

Security Engineering

• Administer and optimize SIEM ingestion pipelines, data parsing, forwarders, and indexing.

• Develop high-fidelity searches, dashboards, correlation rules, and alerting logic.

• Maintain log source integrity and ensure reliable telemetry across the environment.

• Collaborate with incident responders, system administrators, and leadership to improve visibility.

Threat Analysis & SOC Operations

• Monitor, triage, and investigate alerts across multiple data sources.

• Conduct root-cause analysis and produce clear documentation of findings.

• Improve detection logic through continuous tuning and behavior-based modeling.

• Identify gaps in monitoring, detection coverage, or system hardening.

Threat Hunting

• Lead proactive hunts based on threat intelligence, observed behaviors, or hypotheses.

• Build custom analytic queries to uncover suspicious patterns or attacker tradecraft.

• Pivot across logs, system data, authentication patterns, and network activity.

• Provide recommendations to enhance defensive posture.

Red / Blue / Purple Team Awareness

• Apply an attacker mindset to anticipate exploitation paths and identify blind spots.

• Evaluate how techniques such as lateral movement, privilege escalation, and persistence appear in logs.

• Communicate effectively with offensive and defensive stakeholders to close detection gaps.

Operating System & Infrastructure Understanding

• Explain how Linux and Windows systems behave during real-world attack sequences.

• Demonstrate knowledge of processes, logs, services, authentication, and system interactions.

• Understand VMs (hypervisors, virtual hardware, isolation) and how containers differ.

• Interpret OS behavior across network layers and packet flow.

Policy Shaping / Risk Awareness

• Translate technical findings into policy recommendations.

• Shape detection and response policies based on real attacker behaviors and validated risks.

• Produce clear guidance for leadership without oversimplifying technical concepts.

Minimum Qualifications

Clearance: Active TS/SCI with CI Polygraph

Foundational Splunk Knowledge

• Ability to administer and maintain indexes, inputs, parsing, and forwarders.

• Proficiency in SPL for searches, dashboards, alerts, and investigations.

• Ability to diagnose ingestion, parsing, and data quality issues.

SOC & Detection Experience

• Experience with log analysis, incident triage, and security investigations.

• Ability to identify malicious behavior in authentication logs, endpoints, and network flow.

• Familiarity with intrusion analysis and attacker behavior mapping.

Threat Hunting Competency

• Hypothesis-driven methodology.

• Ability to identify weak signals of compromise.

• Understanding of attack chains and detection points.

Red/Blue/Purple Mindset

• Ability to speak confidently about offensive techniques.

• Understanding of how attacker actions appear in defensive telemetry.

• Comfortable collaborating across disciplines.

OS + Virtualization Fundamentals

• Strong grounding in Linux and Windows internals, logging, and services.

• Ability to explain OS behavior during network, authentication, and system events.

• Understanding of virtual machines, hypervisors, and container architectures.

Analytical & Communication Skills

• Ability to write clear, concise summaries of investigations.

• Skill in translating technical findings into actionable recommendations.

• Ability to shape policy based on observed risks.

Desired Qualifications

• Experience in a SOC, security engineering team, or threat hunting role.

• Familiarity with scripting or automation (PowerShell, Bash, Python).

• Experience with large enterprise or government environments.

• Ability to explain complex security concepts to leadership.

Compensation & Benefits

Salary Range: $200,000 – $250,000 annually
Final compensation will depend on experience, qualifications, internal equity, and market data. DarkStar provides a competitive and comprehensive benefits package for full-time employees.

Additional Details

Travel: Minimal
Work Environment: On-site at Fort Meade, MD

Security Note

All applicants must be U.S. citizens and maintain eligibility for a U.S. government security clearance.

About DarkStar Intelligence

DarkStar Intelligence is a Service-Disabled Veteran-Owned Small Business (SDVOSB) committed to advancing national security through mission support and tradecraft development. We prioritize both client satisfaction and employee retention, delivering high-quality, intelligence-based solutions grounded in our “Core Four” values:

• Humility: We place mission success above personal recognition.
• Passion: We bring enthusiasm and dedication to every challenge.
• Agility: We adapt quickly to evolving operational needs.
• Ownership: We hold ourselves accountable for results and uphold the highest standards of excellence.

We are mission-driven and results-oriented, striving to make our country safer through every task we undertake.

Equal Employment Opportunity (EEO) Commitment

At DarkStar Intelligence LLC, we are committed to maintaining a professional and legally compliant work environment where individuals are treated with respect and fairness. We adhere strictly to all applicable Equal Employment Opportunity (EEO) laws and regulations.

Employment decisions at DarkStar are made solely on the basis of individual qualifications, performance, and business needs. We prohibit discrimination in all aspects of employment—including hiring, compensation, promotion, training, discipline, and termination—on the basis of: Race or color, Religion, Sex (including pregnancy, sexual orientation, and gender identity), National origin, Age, Disability, Genetic information, Veteran status. Or any other status protected by applicable federal, state, or local law

Our EEO standards are embedded in all employment practices to ensure compliance, fairness, and accountability. We enforce a zero-tolerance policy for unlawful discrimination or harassment and encourage employees to report concerns without fear of retaliation.

EEO Flyer: shorturl.at/abpNX

Employee Benefits

DarkStar Intelligence provides a competitive and comprehensive benefits package to support the health, financial stability, and personal well-being of our team members.

Core Benefits for employees:

• Health Coverage: Medical, dental, and vision plans
• Income Protection: Life insurance, short-term disability, and long-term disability
• Retirement Planning: 401(k) plan with employer contributions
• Work-Life Support: Employee Assistance Program (EAP) and legal services
• Paid Leave: Generous PTO, 11 paid federal holidays, and one floating holiday

Voluntary Benefits:

• Legal & Identity Protection: LegalShield and IDShield
• Additional Insurance: Whole life, accident, and critical care coverage

We believe in recognizing and supporting the professionals who make our mission possible. Your well-being is an investment in our collective success.