Sr Engineer Security (SIEM)

• Design, deploy, and maintain enterprise solutions and components for Splunk Cloud and on-premises environments including Search Heads, Indexers, Forwarders and Deployment Servers
• Manage Splunk high availability configurations
• Deploy, configure, and maintain Splunk Connect for Syslog (SC4S)
• Perform capacity planning, performance tuning, and resource optimization
• Implement and maintain data retention policies and index management strategies
• Oversee Splunk upgrades, patches, and maintenance activities

• Configure and manage universal forwarders, heavy forwarders, and data inputs from diverse sources
• Develop and maintain data parsing, field extractions, and data models
• Create and optimize indexes, source types, and data routing configurations
• Implement data quality controls and validation processes
• Design efficient search strategies and query optimization

• Develop custom Splunk applications, dashboards, and visualizations
• Create and maintain complex SPL queries and reports
• Build automated monitoring solutions and alerting mechanisms
• Develop Python scripts and REST API integrations for Splunk automation
• Implement Infrastructure as Code (IaC) practices for Splunk deployments

• Design and implement security information and event management (SIEM) solutions
• Develop security monitoring use cases and threat detection scenarios
• Create compliance reporting and audit trail mechanisms
• Implement role-based access controls and data classification policies
• Support incident response and forensic investigations

• Mentor team members and provide technical guidance
• Collaborate with cross‑functional teams
• Lead technical architecture reviews and design sessionsParticipate in on‑call rotation and provide escalation support
• Document processes, procedures, and best practices

• Bachelor’s degree in computer science, Information Systems, or equivalent combination of education and experience
• Relevant Security Certifications

• A minimum of 10 years of experience

• 7+ years of hands‑on Splunk experience including administration and development
• Splunk certifications required: Splunk Core Certified Admin, Splunk Core Certified Power User, Splunk Cloud Certified Admin
• Preferred certifications: Splunk Enterprise Security Certified Admin, Splunk IT Service Intelligence
• Proficiency in SPL (Search Processing Language) and advanced search techniques
• Experience with Splunk Enterprise Security (ES), IT Service Intelligence (ITSI), or other Splunk premium applications
• Strong knowledge of Linux/Unix systems administration
• Scripting experience in Python, Shell, PowerShell, or similar languages
• Understanding of networking protocols, log formats, and data sources (syslog, JSON, XML, etc.)

• Experience with virtualization platforms (VMware, Hyper‑V) and cloud environments (AWS, Azure, GCP)
• Knowledge of configuration management tools (Terraform, Ansible, Puppet, Chef)
• Familiarity with containerization technologies (Docker, Kubernetes)
• Experience with load balancers, firewalls, and network security devices
• Understanding of database systems and SQL

• Knowledge of security frameworks (NIST, ISO 27001, PCI‑DSS, SOX)
• Experience with threat hunting and incident response procedures
• Understanding of common attack vectors and security monitoring best practices
• Familiarity with compliance reporting requirements

• Bachelor's degree in Computer Science, Information Technology, or related field
• Experience with additional SIEM platforms
• Knowledge of machine learning and statistical analysis techniques
• Experience with DevOps practices and CI/CD pipelines
• Industry certifications such as CISSP, GCIH, or equivalent

• Multi‑terabyte daily data ingestion
• High‑availability clustered deployments
• Integration with enterprise security tools and business applications
• Hybrid cloud and on‑premises infrastructure

• Strong critical thinking and analytical skills
• Ability to approach problem solving in a constructive and collaborative way that does not require absolute security
• The ability to communicate complicated technical issues and risks to programmers, network engineers and managers
• Strong leadership, project, and team‐building skills

Exceptional communication skills with diverse audiences; the ability to be an infrastructure security subject matter expert who can explain relevant topics to general audiences