JOBSEARCHER

Senior Splunk Enterprise Security Engineer

Description: We are looking for a Senior Splunk Enterprise Security (ES) Engineer to lead the design, administration, and optimization of our Splunk ES platform in a cloud-based environment. This role is highly hands-on and focuses on ensuring reliable security monitoring, efficient threat detection, and scalable SIEM operations across the enterprise. You will act as the subject matter expert (SME) for Splunk ES, working closely with SOC, security, compliance, and infrastructure teams to enhance visibility, reduce alert fatigue, and strengthen the overall security posture.

🔹 Key Responsibilities
- Lead end-to-end administration of Splunk Enterprise Security (ES) in cloud environments (AWS/Azure/GCP)
- Design and maintain correlation searches, dashboards, and alerting frameworks
- Implement Risk-Based Alerting (RBA) and optimize detection use cases
- Onboard and normalize data sources, ensuring CIM (Common Information Model) compliance
- Monitor and improve Splunk performance, indexing, and search efficiency
- Manage Splunk infrastructure components (indexers, search heads, forwarders, clustering)
- Integrate threat intelligence feeds and enhance detection capabilities
- Support incident response and act as escalation point for complex issues
- Ensure Splunk ES aligns with compliance frameworks (PCI DSS, SOX, NIST CSF)
- Maintain documentation, runbooks, and operational procedures
- Recommend and implement new tools, apps, and integrations

🔹 Required Qualifications
- 5+ years of experience with Splunk administration, including Splunk ES
- Strong knowledge of SIEM, security monitoring, and log management
- Hands-on experience with cloud platforms (AWS, Azure, or GCP)
- Strong proficiency in SPL (Search Processing Language)
- Certifications: Splunk Enterprise Certified Admin / Splunk ES Certified Admin / CISSP / GIAC (GCIA, GCIH)
- Experience with: correlation searches / dashboards and alerts / data models and lookups
- Knowledge of CIM and data onboarding
- Understanding of PCI DSS, SOX, NIST CSF compliance
- Experience managing: indexers / search heads / forwarders / clusters
- Strong troubleshooting and performance tuning skills
- Excellent communication and stakeholder collaboration skills

🔹 Preferred Qualifications
- Experience in large-scale or retail environments
- Hands-on with Splunk SOAR (Phantom)
- Background in SOC operations, threat hunting, or detection engineering
- Experience with Terraform / Ansible (Infrastructure as Code)
- Scripting skills in Python, Bash, or PowerShell