Talent.com
Cybersecurity Splunk UEBA Solution Architect

Talencia, Charlotte, NC, United States
6 days ago
Job type
  • Full-time
Job description

Cybersecurity Splunk UEBA Solution Architect

Location: Columbus, OH | Charlotte, NC

Job Summary:

  • The Splunk UEBA Solution Architect will lead the design, deployment, and validation of a Proof-of-Concept (POC) for the Splunk User and Entity Behavior Analytics (UEBA) platform in a banking environment.
  • This role requires deep understanding of financial use cases, insider threat detection, fraud correlation, and compliance-driven monitoring, along with hands-on experience in Splunk Enterprise Security (ES) and UEBA architecture design.
  • The goal is to demonstrate value realization of UEBA through measurable detection efficacy, integration readiness, and business alignment with banking risk domains.
  • Years of experience needed: 12+ years of Cybersecurity Program Management experience, with 3+ years on Splunk ES / UEBA architecture.

Key Responsibilities:

1. POC Planning & Architecture

  • Define POC objectives, scope, and success criteria aligned with the bank's cybersecurity roadmap.
  • Design Splunk UEBA architecture integrated with Splunk ES, SOAR, and core banking data sources.
  • Prepare high-level and low-level architecture diagrams, data flow designs, and source mapping matrices.
  • Collaborate with client stakeholders (CISO, SOC, Fraud, IAM teams) to finalize use-case priorities.

2. Data Onboarding & Integration

  • Identify and onboard critical log sources for UEBA modeling, including:
      • Active Directory, Core Banking Applications, SWIFT, Payment Gateways
      • VPN, Endpoint, DLP, Proxy, and Cloud workloads (AWS / Azure)
      • Identity feeds from SailPoint, CyberArk, Okta, and HR systems
  • Develop CIM-compliant data models and enrichment pipelines to enhance user / entity visibility.

3. Use Case Development

  • Define the top 5-10 banking-specific UEBA use cases for the POC, e.g.:
      • Privileged account misuse
      • Suspicious fund transfers or SWIFT anomalies
      • Credential sharing between teller and back-office users
      • Unusual login patterns from critical systems
      • High-value transaction anomaly by region or time
  • Configure risk scoring models and behavioral baselines for these use cases.
  • Correlate UEBA detections with Splunk ES correlation searches and the alerting framework.

4. Model Tuning & Validation

  • Execute the POC with real-time or replayed data to validate model accuracy, recall, and precision.
  • Tune machine learning baselines to minimize false positives and noise.
  • Document findings, dashboards, and detection outcomes for executive reporting.

5. Reporting & Executive Enablement

  • Deliver a POC performance dashboard showing detection efficiency, event correlation improvements, and mean-time-to-detect (MTTD) reductions.
  • Present POC results to the CISO and Risk Leadership Team, including ROI and production roadmap.
  • Prepare technical handover and operationalization recommendations post-POC.

Technical Skills:

  • Splunk Expertise
      • Strong hands-on experience with Splunk Enterprise Security (ES) and Splunk UEBA setup, tuning, and integration.
      • Expertise in data ingestion pipelines, indexing, parsing, CIM mapping, and notable event correlation.
      • Ability to integrate Splunk UEBA with SOAR (Phantom) for automated triage.
  • Cybersecurity & Analytics
      • Deep understanding of banking threat models, insider threat, fraud detection, and behavioral analytics.
      • Familiarity with MITRE ATT&CK, NIST, and FFIEC frameworks.
      • Strong command of data correlation, machine learning baselines, and risk-scoring models.
  • Integration Knowledge
      • Familiarity with IAM / PAM systems (CyberArk, SailPoint, Okta), SIEM / SOAR, and Core Banking apps.
      • API-based integrations (REST, HEC, Syslog, Kafka) for streaming telemetry data.
      • Understanding of data governance, privacy controls, and compliance (GLBA, PCI-DSS, SOX).

Qualifications:

  • Bachelor's or Master's degree in Computer Science, Cybersecurity, or a related field.
  • 7-10 years' total experience, with a minimum of 3 years on Splunk ES / UEBA architecture.
  • Splunk certifications preferred:
      • Splunk Enterprise Security Certified Architect
      • Splunk Core Certified Consultant
      • Splunk UEBA Specialist (if available)
  • Additional certifications such as CISSP, CISM, or SABSA are an advantage.