Technical Service Lead- Enterprise Logging

Technical Service Lead– Enterprise Logging

Why choose between doing meaningful work and having a fulfilling life? At MITRE, you can have both. That's because MITRE people are committed to tackling our nation's toughest challenges—and we're committed to the long-term well-being of our employees. MITRE is different from most technology companies. We are a not-for-profit corporation chartered to work for the public interest, with no commercial conflicts to influence what we do. The R&D centers we operate for the government create lasting impact in fields as diverse as cybersecurity, healthcare, aviation, defense, and enterprise transformation. We're making a difference every day—working for a safer, healthier, and more secure nation and world. Our workplace reflects our values. We offer competitive benefits, exceptional professional development opportunities for career growth, and a culture of innovation that embraces adaptability, collaboration, technical excellence, and people in partnership. If this sounds like the choice you want to make, then choose MITRE - and make a difference with us.

MITRE's Corporate Information Security Division is seeking a Technical Service Lead for Enterprise Logging within the Cyber Defense Operations Department. This role is responsible for the strategy, implementation, operation, and continuous improvement of MITRE's enterprise logging service, with primary responsibility for the corporation's Splunk and Cribl platforms. The successful candidate will serve in a hands-on, player-coach capacity, balancing service ownership with direct technical execution to support enterprise monitoring, troubleshooting, audit readiness, and cybersecurity operations.

The Technical Service Lead will partner across cybersecurity, enterprise technology, infrastructure, system administration, and compliance teams to shape logging requirements, manage service priorities, oversee operational budgets and roadmaps, and ensure the logging environment remains secure, scalable, resilient, and aligned to enterprise needs. This individual will contribute to both upstream and downstream logging needs, including annual content reviews, policy updates, onboarding priorities, data routing, filtering, transformation, and retention strategies. The ideal candidate brings deep experience with enterprise logging operations, including hands-on administration and management of Splunk and Cribl in complex enterprise environments, along with the ability to lead through collaboration, technical credibility, and operational execution.

Roles & Responsibilities:

• Lead MITRE's enterprise logging service, establishing service strategy, priorities, roadmaps, and execution plans while contributing directly to implementation and operational support.
• Provide hands-on administration, troubleshooting, and continuous improvement of the enterprise logging environment, including Splunk infrastructure and Cribl data pipeline components.
• Partner with System Administrators, Information System Security Officers, enterprise technology teams, and other stakeholders to maintain and enhance logging capabilities across the corporation.
• Support day-to-day operations of the logging service, ensuring reliability, performance, scalability, service continuity, and effective handling of log collection, transport, transformation, and indexing.
• Investigate and remediate logging failures, ingestion issues, pipeline bottlenecks, routing errors, forwarder problems, search performance concerns, and other operational issues affecting platform health.
• Manage service planning activities, including budget inputs, licensing considerations, forecasting, roadmap development, and prioritization of enhancements across Splunk and Cribl capabilities.
• Design, deploy, maintain, and improve Splunk infrastructure, including indexers, search heads, clusters, and forwarders, to support high availability, resilience, and operational effectiveness.
• Administer and manage Cribl components used for log routing, reduction, filtering, enrichment, transformation, and delivery to downstream platforms, ensuring data is handled efficiently and in accordance with operational and security requirements.
• Contribute to upstream logging requirements by supporting annual content reviews, policy updates, control interpretation, and enterprise discussions on logging, retention, and audit expectations.
• Lead and support downstream data management activities, including data onboarding, filtering, normalization, routing, transformation, retention, and lifecycle management.
• Integrate new data sources from Windows, Linux, Cisco, and other enterprise systems, ensuring proper ingestion and transport through effective configuration of inputs, source types, indexes, forwarders, and Cribl data flows.
• Develop dashboards, alerts, and reports that provide actionable insights for operations, security monitoring, troubleshooting, and audit support.
• Manage Splunk roles, permissions, and authentication mechanisms to ensure secure and appropriate access.
• Translate business, security, and compliance requirements into logging standards, technical solutions, data pipeline configurations, and service improvements.
• Support incident, problem, and change management activities, including root cause analysis, mitigation planning, and implementation of corrective actions.
• Ensure the logging environment is configured and maintained in accordance with enterprise security requirements and policies. Support compliance with applicable frameworks, including CMMC, NIST 800-171, and NIST 800-53, and help maintain audit readiness.
• Support external inspections, assessments, and audits involving enterprise logging capabilities, data handling processes, and related controls.
• Provide technical leadership, mentor teammates as appropriate, and communicate effectively with both technical and non-technical stakeholders, including senior leadership.
• Drive continuous improvement through documentation, automation, process refinement, and service maturity enhancements across the enterprise logging ecosystem.

Basic Qualifications:

• Typically requires a minimum of 8 years of related experience with a Bachelor's degree; or 6 years and a Master's degree; or a PhD with 3 years' experience; or equivalent combination of related education and work experience.
• Significant hands-on experience supporting enterprise logging, SIEM, or observability services in a large-scale environment.
• Hands-on experience administering and managing Splunk and Cribl in an enterprise logging architecture.
• Deep understanding of Splunk architecture, administration, operations, and platform management.
• Strong understanding of Cribl administration and data pipeline management, including routing, filtering, transformation, enrichment, and optimization of log flows.
• Demonstrated ability to balance service ownership responsibilities with direct technical execution.
• Experience troubleshooting data ingestion failures, logging gaps, pipeline issues, routing problems, forwarder issues, search performance problems, and other operational issues in Splunk, Cribl, or comparable logging platforms.
• Experience collaborating across departments and driving service delivery in complex enterprise environments.
• Experience with service planning, roadmap development, operational governance, and execution management.
• Experience managing operational budgets, priorities, and enterprise service expectations.
• Strong knowledge of infrastructure operations, data ingestion pipelines, authentication methods, access management, configuration management, and forwarder administration within enterprise logging environments.
• Proficiency in Python, Bash, PowerShell, or similar scripting languages for automation and advanced administration.
• Strong analytical and problem-solving skills, including the ability to develop practical mitigation strategies for complex technical issues.
• Experience supporting compliance, audits, and security operations in regulated or security-conscious environments.
• This role requires flexibility to support occasional after-hours maintenance windows, implementation activities, troubleshooting, and incident response as needed.
• Must be eligible to obtain and maintain a Secret U.S Government issued Security Clearance within one year of hire.
• Per the U.S. Government's eligibility requirements, you must be a U.S Citizen to be considered for a security clearance.
• This position is hybrid and requires 50% on-site presence in our Bedford, MA or McLean, VA office based on business and operational needs.

Preferred Qualifications:

• Experience owning or leading an enterprise logging service with responsibility for both service strategy and hands-on operational support.
• Experience with SPL, data onboarding, dashboard development, alerting, reporting, and visualization.
• Experience using Cribl to optimize data flows, reduce ingestion costs, improve data quality, and support routing to multiple downstream destinations.
• Experience translating compliance, audit, and security requirements into logging use cases, onboarding standards, retention strategies, and implementation plans.
• Experience contributing to policy, standards, or annual content reviews related to logging, monitoring, audit, or cybersecurity operations.
• Knowledge of emerging IT and cybersecurity technologies relevant to logging and cyber defense operations.
• Ability to advise senior leadership on operational risk, security posture, service maturity, and policy or process changes.
• Experience improving service management practices such as KPI development, SLA management, incident management, problem management, and change management.
• Experience mentoring junior staff and contributing to a collaborative, high-performing team environment.
• Familiarity with insider threat programs and strategies for mitigating insider risks.
• Experience aligning logging and monitoring capabilities to CMMC, NIST 800-171, NIST 800-53, or similar compliance frameworks.
• Strong written and verbal communication skills, with the ability to explain technical concepts to technical and non-technical audiences.

This requisition requires