Sr Engineer Security (SIEM)

Job Description

Job Description RESPONSIBILITIES: ? Splunk Infrastructure & Administration Design, deploy, and maintain enterprise solutions and components for Splunk Cloud and on premises environments including Search Heads, Indexers, Forwarders and Deployment Servers Manage Splunk high availability configurations Deploy, configure, and maintain Splunk Connect for Syslog (SC4S) Perform capacity planning, performance tuning, and resource optimization Implement and maintain data retention policies and index management strategies Oversee Splunk upgrades, patches, and maintenance activities Data Integration & Management Configure and manage universal forwarders, heavy forwarders, and data inputs from diverse sources Develop and maintain data parsing, field extractions, and data models Create and optimize indexes, source types, and data routing configurations Implement data quality controls and validation processes Design efficient search strategies and query optimization Development & Automation Develop custom Splunk applications, dashboards, and visualizations Create and maintain complex SPL (Search Processing Language) queries and reports Build automated monitoring solutions and alerting mechanisms Develop Python scripts and REST API integrations for Splunk automation Implement Infrastructure as Code (IaC) practices for Splunk deployments Security & Compliance Design and implement security information and event management (SIEM) solutions Develop security monitoring use cases and threat detection scenarios Create compliance reporting and audit trail mechanisms Implement role-based access controls and data classification policies Support incident response and forensic investigations Collaboration & Leadership Mentor team members and provide technical guidance Collaborate with cross-functional teams Lead technical architecture reviews and design sessions Participate in on-call rotation and provide escalation support Document processes, procedures, and best practices EDUCATIONAL REQUIREMENTS: ? Bachelor?s degree in computer science, Information Systems, or equivalent combination of education and experience? Relevant Security Certifications Experience Required A minimum of 10 years of experience. QUALIFICATIONS, KNOWLEDGE, SKILLS & ABILITIES: ? 7+ years of hands-on Splunk experience including administration and development Splunk certifications required: Splunk Core Certified Admin, Splunk Core Certified Power User, Splunk Cloud Certified Admin Preferred certifications: Splunk Enterprise Security Certified Admin, Splunk IT Service Intelligence Proficiency in SPL (Search Processing Language) and advanced search techniques Experience with Splunk Enterprise Security (ES), IT Service Intelligence (ITSI), or other Splunk premium applications Strong knowledge of Linux/Unix systems administration Scripting experience in Python, Shell, PowerShell, or similar languages Understanding of networking protocols, log formats, and data sources (syslog, JSON, XML, etc.) Infrastructure & Tools Experience with virtualization platforms (VMware, Hyper-V) and cloud environments (AWS, Azure, GCP) Knowledge of configuration management tools (Terraform, Ansible, Puppet, Chef) Familiarity with containerization technologies (Docker, Kubernetes) Experience with load balancers, firewalls, and network security devices Understanding of database systems and SQL Security & Compliance Knowledge of security frameworks (NIST, ISO 27001, PCI-DSS, SOX) Experience with threat hunting and incident response procedures Understanding of common attack vectors and security monitoring best practices Familiarity with compliance reporting requirements Preferred Qualifications Bachelor's degree in Computer Science, Information Technology, or related field Experience with additional SIEM platforms Knowledge of machine learning and statistical analysis techniques Experience with DevOps practices and CI/CD pipelines Industry certifications such as CISSP, GCIH, or equivalent Technical Environment Multi-terabyte daily data ingestion High-availability clustered deployments Integration with enterprise security tools and business applications Hybrid cloud and on-premises infrastructure General Skills Include Strong critical thinking and analytical skills Ability to approach problem solving in a constructive and collaborative way that does not require absolute security. The ability to communicate complicated technical issues and risks to programmers, network engineers and managers. Strong leadership, project, and team-building skills Exceptional communication skills with diverse audiences; the ability to be an infrastructure security subject matter expert who can explain relevant topics to general audiences