Principal Observability Architect (Splunk & Databricks)

Position Summary

We are seeking a highly experienced Principal Observability Architect to lead the design, implementation, modernization, and optimization of enterprise-scale observability and analytics platforms. This role will serve as the technical authority for log management, observability engineering, telemetry pipelines, AIOps, security analytics, and data lakehouse architectures leveraging Splunk, Databricks, Cribl, OpenTelemetry, and cloud-native technologies.

The ideal candidate possesses deep expertise in traditional observability platforms (Splunk, Dynatrace, AppDynamics, ServiceNow ITOM) and modern data lakehouse architectures utilizing Databricks, Delta Lake, Unity Catalog, and AI/ML-driven analytics. This individual will drive the strategic transformation from legacy SIEM and observability platforms toward scalable, cloud-native observability data lakes.

Key Responsibilities

Enterprise Architecture & Strategy

• Define enterprise observability architecture standards, patterns, and roadmaps.
• Lead observability transformation initiatives involving Splunk modernization and Databricks adoption.
• Develop reference architectures for telemetry ingestion, storage, analytics, security, and AI-driven operations.
• Align observability strategies with business, security, compliance, and operational objectives.
• Create executive-level architecture presentations, business cases, and technology roadmaps.

Splunk Platform Leadership

• Architect large-scale Splunk Enterprise and Splunk Cloud environments.
• Design and optimize:
  • Indexer clusters
  • Search head clusters
  • Forwarder architectures
  • Deployment servers
  • Data models
  • ITSI implementations
• Define ingestion, retention, indexing, and data lifecycle strategies.
• Lead migration initiatives involving:
  • Splunk to Databricks
  • Heavy Forwarders to Cribl
  • SIEM modernization programs
• Optimize SPL searches, data models, summary indexing, and dashboard performance.

Databricks & Lakehouse Architecture

• Architect enterprise observability data lake solutions using:
  • Databricks Lakehouse
  • Delta Lake
  • Unity Catalog
  • Delta Live Tables
  • Structured Streaming
  • Mosaic AI
  • Genie
• Design Medallion Architectures:
  • Bronze
  • Silver
  • Gold
• Develop governance strategies including:
  • RBAC
  • Data masking
  • Data lineage
  • Audit controls
• Create high-performance log analytics solutions capable of supporting petabyte-scale telemetry environments.
• Enable self-service analytics and AI-powered observability use cases.

Telemetry & Data Engineering

• Design ingestion architectures supporting:
  • OpenTelemetry
  • OCSF
  • Syslog
  • Kafka
  • Azure Event Hubs
  • AWS Kinesis
  • GCP Pub/Sub
  • Cribl
• Define normalization and enrichment frameworks.
• Establish data quality and schema management processes.
• Design real-time and batch processing pipelines.

AIOps & Advanced Analytics

• Lead implementation of:
  • AIOps
  • Predictive analytics
  • Root cause analysis
  • Anomaly detection
  • Event correlation
• Integrate observability datasets with AI/ML platforms.
• Develop observability use cases leveraging:
  • Mosaic AI
  • Agentic AI
  • LLMs
  • Generative AI
• Build operational intelligence and executive KPI dashboards.

Security & Compliance

• Architect observability solutions supporting:
  • SOC operations
  • Threat hunting
  • Security analytics
  • Compliance reporting
• Design frameworks aligned with:
  • HIPAA
  • PCI-DSS
  • SOX
  • NIST
  • ISO 27001
• Implement data governance and security controls across observability platforms.

Leadership & Governance

• Provide technical leadership to engineering teams.
• Mentor architects, engineers, and developers.
• Conduct architecture reviews and design governance.
• Define platform standards, best practices, and operational procedures.
• Engage directly with executive stakeholders and business leaders.

Required Qualifications

Experience

• 10+ years of experience in Enterprise Observability, Monitoring, or Security Analytics.
• 5+ years architecting large-scale Splunk environments.
• 3+ years designing Databricks Lakehouse architectures.
• Experience managing environments exceeding:
  • 50 TB/day preferred
  • 100+ TB/day strongly preferred
• Experience leading enterprise transformation programs.

Splunk Expertise

Deep expertise in:

• Splunk Enterprise
• Splunk Cloud
• Splunk ITSI
• Enterprise Security
• SPL Development
• Data Models
• Indexer Clustering
• Search Head Clustering
• SmartStore
• Heavy Forwarders
• Universal Forwarders

Databricks Expertise

Strong experience with:

• Databricks Lakehouse
• Delta Lake
• Unity Catalog
• Delta Live Tables
• Structured Streaming
• Databricks SQL
• Genie
• Mosaic AI
• Lakehouse Federation

Cloud Platforms

Experience with one or more:

• Microsoft Azure
• Amazon Web Services
• Google Cloud

Data Technologies

Strong knowledge of:

• Kafka
• OpenTelemetry
• OCSF
• Iceberg
• Spark
• SQL
• Python
• REST APIs
• Event Streaming Architectures

Preferred Qualifications

• Experience with Cribl Stream and Cribl Edge
• Experience with Dynatrace, AppDynamics, Datadog, or New Relic
• Experience with ServiceNow ITOM/Event Management
• Experience designing AI/ML operational analytics solutions
• Experience with Security Data Lakes and SIEM modernization initiatives
• Experience with FinOps and cloud cost optimization
• Experience building observability platforms for healthcare, financial services, retail, or large enterprise organizations

Certifications (Preferred)

Splunk

• Splunk Enterprise Certified Architect
• Splunk Core Certified Consultant

Databricks

• Databricks Certified Data Engineer Professional
• Databricks Certified Solutions Architect

Cloud

• Azure Solutions Architect Expert
• AWS Solutions Architect Professional
• Google Professional Cloud Architect

Success Metrics

Within the first 12 months, the architect will:

• Deliver enterprise observability architecture roadmap.
• Reduce observability platform costs through modernization initiatives.
• Design and implement a scalable observability data lake architecture.
• Improve telemetry ingestion performance and reliability.
• Enable AI-powered analytics and operational intelligence capabilities.
• Establish enterprise governance standards for observability and security telemetry.
• Support petabyte-scale observability and security analytics workloads.

Ideal Background

Candidates from organizations utilizing large-scale observability environments such as healthcare, banking, retail, telecommunications, logistics, cloud providers, or managed services organizations are highly desirable. Experience supporting environments generating 100TB+ of telemetry per day and integrating Splunk, Databricks, Cribl, OpenTelemetry, and cloud-native data platforms is strongly preferred.