Splunk Enterprise Security (ES) SIEM Engineer

Apex Systems LLC
Alexandria, United States of America
6 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior

Job location

Alexandria, United States of America

Tech stack

Amazon Web Services (AWS)
Azure
Bash
Cloud Computing
Cloud Computing Security
Cluster Analysis
Computer Security
Computer Networks
Distributed Computing Environment
Identity and Access Management
Intrusion Detection and Prevention
Intrusion Detection Systems
Python
Network Protocols
Parsing
Performance Tuning
PowerShell
Software Architecture
Security Information and Event Management
Syslog
Systems Integration
Transmission Control Protocol (TCP)
Data Logging
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
Load Balancing
Macros
Data Ingestion
System Availability
MITRE ATT&CK
Indexer
Information Technology
Deployment Automation
Splunk
Data Pipelines
Vulnerability Analysis

Job description

The Senior Splunk Enterprise Security professional serves as a subject matter expert for designing, implementing, tuning, and maintaining Splunk Enterprise and Enterprise Security to support enterprise-level security monitoring, threat detection, and incident response. This role works closely with security engineering, SOC operations, threat intelligence, and IT infrastructure teams to enhance visibility, strengthen detection capabilities, and ensure the overall effectiveness of SIEM operations.

Responsibilities

Architect, deploy, and administer Splunk Enterprise Security in a large-scale, distributed environment

Develop and optimize correlation searches, risk-based alerting (RBA) models, dashboards, data models, and notable events

Lead onboarding, parsing, normalization, and CIM mapping for diverse security and IT data sources

Conduct health checks, performance tuning, and capacity planning for Splunk indexers, search heads, and cluster environments

Install, configure, and maintain Splunk Enterprise components: indexers, search head clusters, deployment servers, heavy forwarders, and universal forwarders

Administer and optimize clustered Splunk environments for performance, resiliency, and scalability

Configure and manage data onboarding, parsing, props/transforms, index creation, retention policies, and storage planning

Enhance detection engineering by creating advanced detection logic for TTPs aligned to MITRE ATT&CK

Collaborate with SOC analysts to operationalize detections and automate workflows via SOAR (if applicable)

Monitor and improve data ingestion pipelines and troubleshoot indexing or search performance issues

Maintain documentation, playbooks, and engineering standards for Splunk ES environments

Mentor junior analysts/engineers and provide SME guidance during incidents and threat hunting activities

Ensure compliance with enterprise security policies, regulatory frameworks, and audit requirements

Manage distributed configurations using deployment server, cluster master, or deployment tools

Implement best practices for system security, hardening, and compliance requirements

Collaborate with ES and SOC teams to ensure data readiness and platform reliability for security operations

Automate routine administrative tasks using scripts (Python, Bash, PowerShell)

Maintain documentation for architecture, configuration standards, data onboarding, and operational procedures

Provide mentorship and SME-level technical guidance to Splunk users and junior administrators

Requirements

Bachelor's degree in Cybersecurity, Computer Science, IT, or related field (or equivalent experience)

5-10+ years of hands-on experience with Splunk Enterprise and Splunk ES

Strong expertise in SPL query design, dashboards, macros, and data model acceleration

Proven experience with CIM mapping, data ingestion onboarding, and parsing using props/transforms

Understanding of SIEM operations, SOC workflows, and threat detection methodologies

Knowledge of security tools (EDR, FW, IDS/IPS, cloud logs, vulnerability scanners, IAM logs, etc.)

Familiarity with Linux/Unix systems, networking protocols, and cybersecurity fundamentals

Ability to guide incident response activities and provide SME-level support

Strong knowledge of Splunk architecture, clustering, indexing, and search optimization

Experience with configuration files (props.conf, transforms.conf, inputs.conf, outputs.conf)

Proficiency in Linux/Unix administration and system troubleshooting

Hands-on experience with data ingestion, parsing, and log pipeline troubleshooting

Familiarity with networking concepts (TCP/UDP, syslog, load balancing, SSL certificates)

Experience with role-based access controls and authentication integrations

Ability to lead Splunk upgrades, migrations, and architectural improvements

Preferred Qualifications

Splunk certifications (Architect, Consultant, ES Analyst, Core Certified Power User, etc.)

Experience with Splunk SOAR (Phantom) for automation

Expertise with MITRE ATT&CK-aligned detection development

Scripting/automation experience (Python, Bash, PowerShell)

Experience in cloud security logging (AWS, Azure, Google Cloud Platform)

Background supporting federal government or regulated industries

Soft Skills

Strong analytical and problem-solving abilities

Excellent communication and documentation skills

Ability to lead and mentor teammates

Comfortable working in a dynamic SOC or security engineering environment

About the company

Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing in Talent Satisfaction in the United States and Great Place to Work in the United Kingdom and Mexico. Apex uses a virtual recruiter as part of the application process.