We are seeking an experienced Senior Splunk Engineer to join our Security Operations and IT Monitoring team. The ideal candidate will have hands-on expertise with the Splunk platform and a strong background in security monitoring, log analysis, and operationalization of SIEM solutions. You will be responsible for designing, maintaining, and optimizing Splunk dashboards, reports, alerts, and correlation searches to ensure operational visibility, security monitoring, and high-quality data ingestion.
Key Responsibilities
- Develop, configure, and maintain Splunk dashboards, reports, alerts, and correlation searches to support security monitoring and operational visibility.
- Build, optimize, and maintain log ingestion pipelines, ensuring accurate parsing, enrichment, and normalization of data from multiple sources.
- Create and maintain SOPs, runbooks, triage workflows, and incident remediation procedures for Splunk-based monitoring operations.
- Perform alert triage, event investigation, and root cause analysis using Splunk queries (SPL) and correlation logic.
- Continuously tune searches, dashboards, and alerts to improve detection quality and reduce noise/false positives.
- Partner with Security Operations, IT, Network, and Application teams to expand log coverage and improve monitoring use cases.
- Monitor Splunk platform health, performance, indexing, storage, and data ingestion to ensure high availability and reliability.
Required Skills & Experience
- Hands-on experience with the Splunk platform, including dashboard creation, SPL queries, reports, and correlation rule development.
- Proven expertise in log analysis, event correlation, and building end-to-end monitoring use cases.
- Experience in operationalizing Splunk through SOPs, triage processes, runbooks, and incident response workflows.
- Strong understanding of log formats (syslog, JSON, Windows events), ingestion methods, and data onboarding best practices.
- Ability to perform incident triage, investigation, and remediation using SPL.
- Knowledge of security monitoring concepts, SIEM architecture, detection logic, and alert tuning.
- Strong communication and documentation skills, with the ability to collaborate effectively across SOC, IT, and Engineering teams.