Cyber Security Engineer

Insight Global
Morrisville, NC

**This role requires an active Secret Level security clearance**

Required Skills & Experience

• Experience: Minimum of 5 years of professional experience in a SIEM engineering, security operations or incident response environment.

• Splunk Proficiency: Demonstrated ability to write complex SPL queries, build/maintain production-grade dashboards, and perform data normalization within Splunk Enterprise or Splunk Enterprise Security (ES).

• Technical Skills:

o Experience onboarding and integrating security data sources into Splunk.

o Experience integrating security tools (e.g., AWS Security Hub) into a centralized SIEM.

o Understanding of Splunk knowledge objects, field extractions, lookups, and CIM normalization.

• Operational Mindset: Ability to handle high-pressure incident response scenarios and a willingness to participate in an on-call rotation.

• Communication: Proven ability to present technical findings and dashboard insights to both technical and non-technical stakeholders.


Nice to Have Skills & Experience

• Splunk Enterprise Security (ES) Certified Admin and/or Splunk Core Certified Power User.

• Security+ or equivalent.

• Certifications such as GCIH, GCIA, or Azure/AWS Security certifications.

• Experience in a multi-cloud environment (AWS/Azure), specifically focusing on identity and access management (Entra ID).


Job Description

We are seeking a proactive SIEM Engineer with a strong focus on Splunk engineering, detection development, and cloud security operations. This role will support the organization's security monitoring and incident response capabilities by leveraging Splunk Enterprise Security (ES), Splunk SOAR, and integrated cloud/security platforms across AWS and Azure environments.

The ideal candidate will contribute to the development and optimization of detections, dashboards, automation workflows, and data onboarding initiatives while assisting with troubleshooting and maintaining distributed Splunk environments. This individual will work closely with SOC analysts, cloud teams, and engineering stakeholders to improve security visibility, operational efficiency, and threat detection capabilities.

This position requires a blend of security operations experience and hands-on Splunk engineering skills, including data normalization, ingestion troubleshooting, search optimization, and security analytics development. The candidate should be comfortable operating in a fast-paced 24/7 security environment, participating in on-call rotations, and supporting continuous improvement initiatives across the security operations program.


Role Responsibilities

Splunk Engineering & Analytics:

• Develop, maintain, and optimize Splunk Enterprise Security (ES) detections, dashboards, and correlation searches

• Support Splunk SOAR playbook development and automation workflows

• Assist with onboarding, parsing, normalization, and enrichment of security data sources into Splunk

• Troubleshoot Splunk ingestion pipelines, forwarder connectivity, search performance, and indexing issues

• Create and maintain knowledge objects including field extractions, lookups, event types, tags, and macros

• Assist with Splunk configuration changes and troubleshooting across distributed Splunk environments

• Leverage data models and accelerated searches to improve detection and reporting performance

• Collaborate with SOC analysts and engineering teams to improve visibility, detection coverage, and operational efficiency

Incident Response & Operations:

• Incident response efforts: conduct deep-dive investigations into alerts generated by our security stack.

• Coordinate with internal teams to contain and remediate threats.

• Participate in a scheduled on-call rotation to ensure 24/7 incident coverage and rapid response.