Splunk Engineer

Key Responsibilities:

  • Develop Splunk applications for continuous monitoring, reporting, and analytics.
  • Onboard and parse log data from servers, applications, and cloud sources.
  • Develop and implement automation playbooks using SOAR platforms (e.g., Splunk SOAR, Cortex XSOAR, etc.).
  • Identify repetitive SOC workflows and convert them into automated processes using Python and APIs.
  • Work closely with SOC analysts and SOAR developers to optimize alert handling, containment, and remediation processes.
  • Test, troubleshoot, and refine automation playbooks to improve effectiveness and reduce false positives.
  • Collaborate with security engineers to refine detection rules, enhance alerting logic, and improve security visibility.
  • Write and optimize SPL (Search Processing Language) queries.
  • Support system monitoring and incident response using Splunk.
  • Maintain performance and data accuracy in the Splunk environment.


Qualifications Required:

  • Strong knowledge of SIEM (Splunk).
  • 5+ years of experience in cybersecurity or network security engineering roles.
  • Experience with log ingestion, correlation rule development, alert tuning, or CIM mapping in Splunk.
  • Experience creating dashboards and reports in Splunk.
  • Experience creating and deploying playbooks or automated workflows.
  • Experience with REST APIs and integrations with security tools (e.g., EDRs, SIEMs, threat intel, AD, firewalls).
  • Experience performing threat detection and log analysis.
  • Understanding of security operations and incident response procedures.
  • Proficiency in Python or scripting languages for security automation and API integrations.
  • Experience with security frameworks (e.g., MITRE ATT&CK, CIS, NIST, and ISO 27001).
  • Experience working with ServiceNow, Jira, or other ITSM platforms.