Splunk Platform Architect
Company: Bank of America
Location: Plano
Posted on: April 3, 2026
Job Description:

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day. Being a Great Place to Work is core to how we drive Responsible Growth. This includes our commitment to being an inclusive workplace, attracting and developing exceptional talent, supporting our teammates’ physical, emotional, and financial wellness, recognizing and rewarding performance, and how we make an impact in the communities we serve.

Bank of America is committed to an in-office culture with specific requirements for office-based attendance and which allows for an appropriate level of flexibility for our teammates and businesses based on role-specific considerations.

At Bank of America, you can build a successful career with opportunities to learn, grow, and make an impact. Join us!

Position Summary:

We are seeking a Splunk Platform Architect to define, design, and govern the architecture of our enterprise-scale Splunk ecosystem. This role is responsible for the end-to-end strategy, scalability, resilience, and modernization of a multi-terabyte/day Splunk Enterprise / Splunk Cloud platform that underpins security monitoring, threat detection, observability, and data-driven decision-making across the organization. The ideal candidate brings deep Splunk architectural expertise, mastery of large-scale data ingestion, cluster design, SmartStore strategy, and security logging best practices — with the ability to influence executives, engineering teams, and security stakeholders.

Key Responsibilities:

Platform Architecture & Strategy:
- Architect the overall Splunk platform including indexer cluster design, search head cluster architecture, cluster/master node strategy, deployment topology, and integration patterns
- Define and lead capacity planning, data tiering, index strategy, data retention models, and SmartStore object-store lifecycle
- Drive the platform roadmap: modernization, migration to Splunk Cloud or hybrid, scaling models, performance optimization, and platform hardening
- Own the architectural vision for multi-site high availability, disaster recovery, resilience engineering, and operational SLOs
- Govern major upgrades, component lifecycle management, and architectural alignment with security and enterprise standards

Security Logging Architecture & SIEM Enablement:
- Architect end-to-end security log ingestion pipelines to support SOC, Incident Response, and Threat Hunting.
- Define onboarding patterns for firewalls, EDR, identity providers, cloud telemetry, network analytics, and custom app security events.
- Partner with security teams to architect detection frameworks:
  - correlation search design
  - risk-based alerting (RBA)
  - data model alignment and CIM mapping
  - summary indexing and dashboards
- Ensure architectural compliance with MITRE ATT&CK, CIS, SOC2, and ISO 27001 logging requirements

Data Engineering & Observability Architecture:
- Architect scalable ingestion flows, HEC pipelines, parsing/props/transforms, and CIM-aligned field extraction standards.
- Define data lifecycle strategy including tiering, filtering, routing, enrichment, and ingestion optimization to reduce cost and improve visibility.
- Govern search-performance architecture: knowledge object structuring, data model acceleration, scheduling patterns, and federation strategies.

Governance, Standards & Leadership:
- Define and enforce Splunk architectural standards, naming conventions, data models, dashboards, and development patterns
- Serve as the principal technical authority for all Splunk-related architecture decisions across Engineering, Cloud, SecOps, and App teams
- Mentor senior engineers and advise leadership on investments, roadmap, and platform expansion
- Maintain architectural documentation, design blueprints, reference guides, and onboarding frameworks

Required Qualifications:
- 7 years designing and architecting enterprise-scale Splunk Enterprise or Splunk Cloud platforms
- Proven architectural expertise with:
  - Indexer and search head clustering
  - SmartStore and S3/object-store design
  - Forwarder topologies (UF/HF)
  - Ingest Actions, props/transforms pipelines
  - RBAC, KVStore, encryption, SAML/ADFS integrations
- Deep background in security logging, SIEM architecture, and detection engineering patterns.
- Expert-level SPL capabilities including:
  - search optimization
  - data model acceleration / summary indexing
  - CIM normalization
- Strong systems engineering experience with Linux, Python, Bash, Ansible, Terraform, or GitOps automation frameworks
- Ability to influence senior technical and business stakeholders across large enterprise environments
- Communicates complex architectural concepts to both technical and non-technical audiences
- Leads collaboration across SOC, DevOps, Cloud, Networking, and Application teams to drive unified logging and observability maturity

Desired Qualifications:
- Splunk certifications such as Enterprise Architect, Enterprise Admin, Core Consultant, ES Admin/Analyst
- Architectural experience with:
  - Splunk Enterprise Security (ES)
  - SOAR platforms (Phantom or equivalent)
  - Cloud logging architectures (AWS, Azure, GCP)
- 4-year college degree
- Familiarity with high-throughput data systems (Kafka, FluentD, Cribl)
- Background in cybersecurity engineering, threat detection, or observability architecture

Skills: Financial Management, Influence, Solution Delivery Process, Stakeholder Management, Technical Strategy Development, Agile Practices, Analytical Thinking, Collaboration, Result Orientation, Risk Management, Business Acumen, Business Case Analysis, Data Management, Solution Design, Vendor Management

Shift: 1st shift (United States of America)
Hours Per Week: 40
Keywords: Bank of America, McKinney, Splunk Platform Architect, IT / Software / Systems, Plano, Texas