Sr Engineer Security (SIEM)

Responsibilities:

Splunk Infrastructure & Administration

• Design, deploy, and maintain enterprise solutions and components for Splunk Cloud and on premises environments including Search Heads, Indexers, Forwarders and Deployment Servers
• Manage Splunk high availability configurations
• Deploy, configure, and maintain Splunk Connect for Syslog (SC4S)
• Perform capacity planning, performance tuning, and resource optimization
• Implement and maintain data retention policies and index management strategies
• Oversee Splunk upgrades, patches, and maintenance activities

Data Integration & Management

• Configure and manage universal forwarders, heavy forwarders, and data inputs from diverse sources
• Develop and maintain data parsing, field extractions, and data models
• Create and optimize indexes, source types, and data routing configurations
• Implement data quality controls and validation processes
• Design efficient search strategies and query optimization

Development & Automation

• Develop custom Splunk applications, dashboards, and visualizations
• Create and maintain complex SPL (Search Processing Language) queries and reports
• Build automated monitoring solutions and alerting mechanisms
• Develop Python scripts and REST API integrations for Splunk automation
• Implement Infrastructure as Code (IaC) practices for Splunk deployments

Security & Compliance

• Design and implement security information and event management (SIEM) solutions
• Develop security monitoring use cases and threat detection scenarios
• Create compliance reporting and audit trail mechanisms
• Implement role-based access controls and data classification policies
• Support incident response and forensic investigations

Collaboration & Leadership

• Mentor team members and provide technical guidance
• Collaborate with cross-functional teams 
• Lead technical architecture reviews and design sessions
• Participate in on-call rotation and provide escalation support
• Document processes, procedures, and best practices

Educational Requirements:

• Bachelor’s degree in computer science, Information Systems, or equivalent combination of education and experience  

• Relevant Security Certifications

Experience Required:

• A minimum of 10 years of experience. 

Qualifications, Knowledge, Skills & Abilities:

• 7+ years of hands-on Splunk experience including administration and development 
• Splunk certifications required: Splunk Core Certified Admin, Splunk Core Certified Power User, Splunk Cloud Certified Admin
• Preferred certifications: Splunk Enterprise Security Certified Admin, Splunk IT Service Intelligence 
• Proficiency in SPL (Search Processing Language) and advanced search techniques 
• Experience with Splunk Enterprise Security (ES), IT Service Intelligence (ITSI), or other Splunk premium applications 
• Strong knowledge of Linux/Unix systems administration 
• Scripting experience in Python, Shell, PowerShell, or similar languages 
• Understanding of networking protocols, log formats, and data sources (syslog, JSON, XML, etc.)

  Infrastructure & Tools

• Experience with virtualization platforms (VMware, Hyper-V) and cloud environments (AWS, Azure, GCP)
• Knowledge of configuration management tools (Terraform, Ansible, Puppet, Chef)
• Familiarity with containerization technologies (Docker, Kubernetes)
• Experience with load balancers, firewalls, and network security devices
• Understanding of database systems and SQL

  Security & Compliance

• Knowledge of security frameworks (NIST, ISO 27001, PCI-DSS, SOX)
• Experience with threat hunting and incident response procedures
• Understanding of common attack vectors and security monitoring best practices
• Familiarity with compliance reporting requirements

Preferred Qualifications

• Bachelor's degree in Computer Science, Information Technology, or related field
• Experience with additional SIEM platforms
• Knowledge of machine learning and statistical analysis techniques
• Experience with DevOps practices and CI/CD pipelines
• Industry certifications such as CISSP, GCIH, or equivalent

  Technical Environment

• Multi-terabyte daily data ingestion
• High-availability clustered deployments
• Integration with enterprise security tools and business applications
• Hybrid cloud and on-premises infrastructure

General Skills Include:

• Strong critical thinking and analytical skills
• Ability to approach problem solving in a constructive and collaborative way that does not require absolute security. 
• The ability to communicate complicated technical issues and risks to programmers, network engineers and managers.
• Strong leadership, project, and team-building skills

Exceptional communication skills with diverse audiences; the ability to be an infrastructure security subject matter expert who can explain relevant topics to general audiences