Location: Kuwait City, Kuwait
Department: Information Technology
Job Description

Splunk Engineer – Security Responsibilities:


  • Design, implement, and maintain the Splunk Enterprise platform to support cybersecurity monitoring, detection, and investigation across the organization.
  • Develop and optimize advanced correlation searches, dashboards, and alerts tailored to threat detection, compliance, and operational reporting requirements.
  • Collaborate closely with SOC analysts, incident responders, and threat hunters to translate security use cases into scalable, actionable Splunk detections.
  • Lead the onboarding and normalization of diverse log sources (e.g., firewalls, proxies, cloud platforms, EDR, IAM systems), ensuring timely and accurate data ingestion.
  • Work with security teams to identify data gaps, enrich ingested logs with contextual metadata, and maintain data models and CIM compliance.
  • Automate repetitive tasks using scripting languages (e.g., Python, PowerShell, Bash) to streamline detection tuning, threat intelligence ingestion, and reporting.
  • Support continuous tuning of alert logic to minimize false positives, improve fidelity, and ensure alignment with evolving threats and TTPs.
  • Perform health monitoring, capacity planning, and troubleshooting of the Splunk environment to ensure high availability and optimal performance.
  • Integrate Splunk with external platforms such as SOAR tools, ticketing systems, and threat intelligence feeds, enabling end-to-end incident workflows.
  • Maintain detection engineering documentation, including correlation logic, data mappings, onboarding procedures, and incident workflows.
  • Participate in tabletop exercises and red/blue team simulations, using Splunk to validate detection coverage and support response activities.
  • Contribute to the development of security metrics and executive-level dashboards, offering visibility into SOC effectiveness and threat trends.
  • Collaborate with compliance and audit teams to generate reports aligned with security standards (e.g., ISO 27001, PCI DSS, NIST SP 800-53).
  • Continuously research and implement best practices for log source integration, detection engineering, and data lifecycle management.


Qualification:

  • Advanced Splunk Search (SPL), Dashboards, and Reporting
  • Data Onboarding, CIM Compliance, and Source Normalization
  • Detection Engineering and Alert Optimization
  • Log Analysis and Threat Correlation
  • Scripted Automation (Python, PowerShell, Bash – highly preferred)
  • Security Framework Alignment (MITRE ATT&CK, CIS, ISO 27001)
  • Collaboration with SOC and Incident Response Teams
  • System and Application Log Understanding (Linux, Windows, Cloud, etc.)
  • Documentation and Knowledge Sharing
  • Performance Tuning and Troubleshooting
  • Familiarity with SOAR and Threat Intelligence Integration


Certifications (Optional but Beneficial):

  • Splunk Core Certified Power User / Splunk Enterprise Certified Admin / Splunk Enterprise Certified Architect
  • CompTIA Security+ / CySA+
  • GIAC Certified Detection Analyst (GCDA)
  • Microsoft Certified: Security Operations Analyst Associate
  • Cisco Certified CyberOps Associate

Job Id: eyAxNL4aySM6eqEp+R507BNAefl6oBg0zrhS24obYtW0RIqH4XT1mIFqKAbqH0Hh0CXFQtH/v//1N9AlSfB2cOeOeWLoxQrCKQ==
Diyar United Company
Splunk Engineer – Remote