Paradigm Global Consulting

Cybersecurity Splunk UEBA Solution Architect

Paradigm Global Consulting, Columbus, Ohio, United States, 43224


Location – preferably in Columbus, OH | Charlotte, NC

Job Summary

The Splunk UEBA Solution Architect will lead the design, deployment, and validation of a Proof‑of‑Concept (POC) for the Splunk User and Entity Behavior Analytics (UEBA) platform in a banking environment. This role requires a deep understanding of financial use cases, insider threat detection, fraud correlation, and compliance‑driven monitoring, along with hands‑on experience in Splunk Enterprise Security (ES) and UEBA architecture design. The goal is to demonstrate value realization of UEBA through measurable detection efficacy, integration readiness, and business alignment with banking risk domains.

Experience

12+ years of Cybersecurity Program Management experience, with 3+ years on Splunk ES/UEBA architecture.

Key Responsibilities

Define POC objectives, scope, and success criteria aligned with the bank’s cybersecurity roadmap.

Design Splunk UEBA architecture integrated with Splunk ES, SOAR, and core banking data sources.

Prepare high‑level and low‑level architecture diagrams, data flow designs, and source mapping matrices.

Collaborate with client stakeholders (CISO, SOC, Fraud, IAM teams) to finalize use‑case priorities.

Data Onboarding & Integration

Identify and onboard critical log sources for UEBA modeling, including Active Directory, Core Banking Applications, SWIFT, Payment Gateways, VPN, Endpoint, DLP, Proxy, and Cloud workloads (AWS / Azure).

Onboard identity feeds from SailPoint, CyberArk, Okta, and HR systems.

Develop CIM‑compliant data models and enrichment pipelines to enhance user/entity visibility.

Use Case Development

Define the top 5–10 banking‑specific UEBA use cases for the POC, e.g., privileged account misuse; suspicious fund transfers or SWIFT anomalies; credential sharing between teller and back‑office users; unusual login patterns on critical systems; high‑value transaction anomalies by region or time.

Configure risk scoring models and behavioral baselines for these use cases.

Correlate UEBA detections with Splunk ES correlation searches and alerting framework.

Execute the POC with real‑time or replayed data to validate model accuracy, recall, and precision.

Tune machine learning baselines to minimize false positives and noise.

Document findings, dashboards, and detection outcomes for executive reporting.

Reporting & Executive Enablement

Deliver a POC performance dashboard showing detection efficiency, event correlation improvements, and mean‑time‑to‑detect (MTTD) reductions.

Present POC results to CISO and Risk Leadership Team, including ROI and production roadmap.

Prepare technical handover and operationalization recommendations post‑POC.

Technical Skills – Splunk Expertise

Strong hands‑on experience with Splunk Enterprise Security (ES) and Splunk UEBA setup, tuning, and integration.

Expertise in data ingestion pipelines, indexing, parsing, CIM mapping, and notable event correlation.

Ability to integrate Splunk UEBA with SOAR (Phantom) for automated triage.

Cybersecurity & Analytics

Deep understanding of banking threat models, insider threat, fraud detection, and behavioral analytics.

Familiarity with MITRE ATT&CK, NIST, and FFIEC frameworks.

Strong command of data correlation, machine learning baselines, and risk‑scoring models.

Integration Knowledge

Familiarity with IAM/PAM systems (CyberArk, SailPoint, Okta), SIEM/SOAR, and core banking apps.

API‑based integrations (REST, HEC, Syslog, Kafka) for streaming telemetry data.

Understanding of data governance, privacy controls, and compliance (GLBA, PCI‑DSS, SOX).

Qualifications

Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or related field.

7–10 years’ total experience, with a minimum of 3 years on Splunk ES/UEBA architecture.

Splunk Enterprise Security Certified Architect.

Splunk Core Certified Consultant.

Splunk UEBA Specialist (if available).

Additional certifications such as CISSP, CISM, or SABSA are an advantage.
