Mphasis
Role description
Cybersecurity Splunk UEBA Solution Architect
Location - preferably in Columbus, OH | Charlotte, NC
Job Summary -
The Splunk UEBA Solution Architect will lead the design, deployment, and validation of a Proof-of-Concept (POC) for the Splunk User and Entity Behavior Analytics (UEBA) platform in a banking environment. This role requires deep understanding of financial use cases, insider threat detection, fraud correlation, and compliance-driven monitoring, along with hands-on experience in Splunk Enterprise Security (ES) and UEBA architecture design.
The goal is to demonstrate value realization of UEBA through measurable detection efficacy, integration readiness, and business alignment with banking risk domains.
Years of experience needed - 12+ years of Cybersecurity Program Management experience, with 3+ years on Splunk ES/UEBA architecture.
Key Responsibilities:
1. POC Planning & Architecture
Define POC objectives, scope, and success criteria aligned with bank's cybersecurity roadmap.
Design Splunk UEBA architecture integrated with Splunk ES, SOAR, and core banking data sources.
Prepare high-level and low-level architecture diagrams, data flow designs, and source mapping matrices.
Collaborate with client stakeholders (CISO, SOC, Fraud, IAM teams) to finalize use-case priorities.
2. Data Onboarding & Integration
Identify and onboard critical log sources for UEBA modeling, including:
  Active Directory, Core Banking Applications, SWIFT, Payment Gateways
  VPN, Endpoint, DLP, Proxy, and Cloud workloads (AWS / Azure)
  Identity feeds from SailPoint, CyberArk, Okta, and HR systems
Develop CIM-compliant data models and enrichment pipelines to enhance user/entity visibility.
3. Use Case Development
Define top 5-10 banking-specific UEBA use cases for POC, e.g.:
  Privileged account misuse
  Suspicious fund transfers or SWIFT anomalies
  Credential sharing between teller and back-office users
  Unusual login patterns from critical systems
  High-value transaction anomaly by region or time
Configure risk scoring models and behavioral baselines for these use cases.
Correlate UEBA detections with Splunk ES correlation searches and ing framework.
4. Model Tuning & Validation
Execute the POC with real-time or replayed data to validate model accuracy, recall, and precision.
Tune machine learning baselines to minimize false positives and noise.
Document findings, dashboards, and detection outcomes for executive reporting.
5. Reporting & Executive Enablement
Deliver POC performance dashboard showing detection efficiency, event correlation improvements, and mean-time-to-detect (MTTD) reductions.
Present POC results to CISO and Risk Leadership Team, including ROI and production roadmap.
Prepare technical handover and operationalization recommendations post-POC.
Technical Skills
Splunk Expertise
Strong hands-on experience with Splunk Enterprise Security (ES) and Splunk UEBA setup, tuning, and integration.
Expertise in data ingestion pipelines, indexing, parsing, CIM mapping, and notable event correlation.
Ability to integrate Splunk UEBA with SOAR (Phantom) for automated triage.
Cybersecurity & Analytics
Deep understanding of banking threat models, insider threat, fraud detection, and behavioral analytics.
Familiarity with MITRE ATT&CK, NIST, and FFIEC frameworks.
Strong command of data correlation, machine learning baselines, and risk-scoring models.
Integration Knowledge
Familiarity with IAM/PAM systems (CyberArk, SailPoint, Okta), SIEM/SOAR, and Core Banking apps.
API-based integrations (REST, HEC, Syslog, Kafka) for streaming telemetry data.
Understanding of data governance, privacy controls, and compliance (GLBA, PCI-DSS, SOX).
Qualifications
Bachelor's or Master's degree in Computer Science, Cybersecurity, or related field.
7-10 years' total experience, with minimum 3 years on Splunk ES/UEBA architecture.
Splunk certifications preferred:
  Splunk Enterprise Security Certified Architect
  Splunk Core Certified Consultant
  Splunk UEBA Specialist (if available)
Additional certifications such as CISSP, CISM, or SABSA are an advantage.
About Mphasis
Mphasis applies next-generation technology to help enterprises transform businesses globally. Customer centricity is foundational to Mphasis and is reflected in the Mphasis' Front2Back™ Transformation approach. Front2Back™ uses the exponential power of cloud and cognitive to provide hyper-personalized (C=X2C2TM=1) digital experience to clients and their end customers. Mphasis' Service Transformation approach helps 'shrink the core' through the application of digital technologies across legacy environments within an enterprise, enabling businesses to stay ahead in a changing world. Mphasis' core reference architectures and tools, speed and innovation with domain expertise and specialization are key to building strong relationships with marquee clients.
Equal Opportunity Employer:
Mphasis is an equal opportunity/affirmative action employer. We provide equal employment opportunities to applicants and existing associates and evaluate qualified candidates without regard to race, gender, national origin, ancestry, age, color, religious creed, marital status, genetic information, sexual orientation, gender identity, gender expression, sex (including pregnancy, breast feeding and related medical conditions), mental or physical disability, medical conditions, military and veteran status or any other status or condition protected by applicable federal, state, or local laws, governmental regulations and executive orders. View the EEO in the law poster, view the EEO in the law supplement. To view the pay transparency nondiscrimination provision please click and to view the E-Verify posting click.
Mphasis is committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of disability to search and apply for a career opportunity, please send an email to accomodationrequest@mphasis.com and let us know your contact information and the nature of your request.