Job Description
Job Title: DevSecOps Security Engineer with Splunk Expertise
Overview
The DevSecOps Security Engineer will embed security into modern delivery for our customer environment, while also providing Splunk engineering support to our internal team. Based in Chennai, India, this hands-on role partners with local Engineering/DevOps to secure CI/CD pipelines, Kubernetes workloads, and runtime environments in alignment with enterprise standards. Experience with API and Bot security is a plus.
Primary focus: Customer DevSecOps enablement (pipelines, IaC guardrails, Kubernetes hardening, runtime detection/response, observability)
Secondary focus: Internal Splunk SME work (use cases, onboarding, dashboards, compliance reporting)
Target allocation: ~80% Customer DevSecOps / ~20% Internal Splunk (subject to business needs)
Key Responsibilities
A) Customer DevSecOps Enablement
Pipeline Security: Integrate automated scans (SAST, SCA, IaC, container) into CI/CD (GitHub, Jenkins, Argo CD); enforce quality gates and break-glass workflows.
IaC Guardrails: Implement policy-as-code for Terraform/Helm/manifests; codify baselines, waivers, and approvals in version control.
Kubernetes Security: Apply CIS Benchmarks; enforce admission controls; implement least-privilege RBAC, network policies, image signing/attestations, and runtime defenses.
Secrets & Identity: Harden secrets management; align to Zero Trust and least-privilege access patterns.
Compliance Mapping: Align detections/controls to MITRE ATT&CK, CIS, NIST, and PCI where applicable; produce audit-ready artifacts (e.g., SBOMs and attestations).
API & Bot Security (Strongly Preferred): Implement API discovery/cataloging and API threat modeling; enforce WAAP/edge/CDN policies and rate limiting; deploy bot detection/mitigation and fraud signals.
B) Observability & Runtime Protection
Runtime Monitoring: Deploy vulnerability, misconfiguration, drift, and anomaly detection across clusters and services.
Telemetry & Dashboards: Build real-time observability with Grafana, OpenTelemetry, and OpenSearch.
On-Call & Escalations: Configure PagerDuty and ticketing (Jira/ServiceNow); reduce MTTR with clear ownership and runbooks.
IR Enablement: Partner with SOC/IR for evidence collection, triage, post-incident reviews, and improvement actions.
C) Splunk (Internal Team Support)
Log Onboarding & Tuning: Integrate new data sources, perform field extractions, apply lifecycle policies; maintain index health. (Nice to have: ingest API gateway/WAAP/bot telemetry.)
Detection Engineering: Author/tune SPL searches and correlation rules; map detections to MITRE/CIS; reduce false positives.
Dashboards & Reporting: Deliver detection/operations dashboards and automated compliance/audit reports.
Platform Care: Support upgrades, performance tuning, license utilization, and app maintenance.
D) Delivery, Documentation & Stakeholders
Execution: Own Jira epics/stories; deliver against roadmap with measurable outcomes.
Docs & Runbooks: Maintain Confluence runbooks, playbooks, standards, and architecture diagrams.
Communication: Provide weekly status, risk/issue tracking, and stakeholder updates (customer + internal).
Qualifications
Bachelor's in Computer Science, Cybersecurity, or related field; advanced degree a plus.
Hands-on DevSecOps experience across CI/CD, Kubernetes, and cloud-native platforms.
Strong IaC security and policy-as-code (Terraform/Helm/Git-based guardrails).
Kubernetes security (CIS, admission controls, image signing/attestations, RBAC, Pod Security admission, network policies).
Observability: Grafana, OpenTelemetry, OpenSearch; on-call tooling (PagerDuty).
Splunk (Required): data onboarding, SPL, dashboards, correlation rules, compliance reporting, and performance tuning.
Scripting/automation (REST, CLI, Ansible, Terraform); familiarity with SOAR, Jira/ServiceNow.
Experience with CNAPP/CSPM platforms (Prisma Cloud and/or Wiz).
API & Bot Security (Strongly Preferred): API discovery/cataloging; API threat modeling; WAAP/edge/CDN policies; rate limiting; bot detection/mitigation and fraud signals. Akamai/Cequence experience is a plus.
Strong troubleshooting, stakeholder communication, and cross-team collaboration skills.