Security Consultant - Splunk Implementation & Integration Specialist

5 - 8 years

15 - 20 Lacs

Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

About the Role:

Security Consultant - Splunk

deployment and configuration of Cribl

Key Responsibilities:

1. SIEM Design & Implementation

  • Architect and deploy Splunk environments (single/multi-site, indexer/search head clustering).

  • Define and implement data ingestion strategies.

  • Configure Splunk components: UF/HF, indexers, deployment servers, apps, etc.

  • Cribl

2. Log Source Onboarding

  • Identify and prioritize IT, cloud, network, and application log sources.

  • Develop onboarding playbooks and custom parsing logic.

  • Configure props.conf, transforms.conf, and onboard into CIM-compliant structure.

3. Use Case Development & Configuration

  • Collaborate with SOC to translate detection requirements into correlation rules and alerts.

  • Splunk Enterprise Security (ES)

  • Optimize SPL queries and tune alerts to reduce noise and false positives.

4. Tool Integration

  • Integrate Splunk with platforms including:

    • SOAR solutions: Splunk SOAR, Palo Alto XSOAR

    • TIPs: Anomali, open-source feeds

    • Ticketing tools: ServiceNow, JIRA

    • EDR/NDR solutions: CrowdStrike, Fortinet, Cisco, etc.

  • Develop and manage APIs and automation scripts for bi-directional integration.

5. Documentation & Knowledge Transfer

  • Prepare HLDs/LLDs, operational SOPs, and architecture diagrams.

  • Create runbooks and ensure configuration backups.

  • Conduct KT sessions and operational training for SOC teams.

Required Skills & Experience:

  • 5+ years in SIEM implementation (3+ years focused on Splunk)

  • Splunk SIEM, Splunk SOAR, and Cribl deployment/configuration

  • Skilled in SPL (Search Processing Language), CIM compliance, and log enrichment

  • Hands-on with onboarding data from varied sources and environments

  • Experience integrating tools and building automation with Python, Bash, etc.

Preferred Certifications:

  • Splunk Core Certified Power User

  • Splunk Certified Admin / Architect

  • Splunk Enterprise Security Certified Admin (preferred)

  • CompTIA Security+, GCIA, or CISSP (nice to have)

 
