Senior Splunk Security Engineer

9 - 12 years

10 - 20 Lacs

Posted: 4 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job role - Senior Splunk Security Engineer

Experience - 9 to 12 years

Location - Bangalore/Chennai/Pune

Primary Skills-

• SIEM experience: Splunk Admin (essential) and Azure Sentinel (proficiency in writing KQL and SPL; log sources, ingestion patterns and correlation rules).
• DevOps knowledge (Git / BitBucket / GitLab).
• Security fundamentals (threat detection, incident response, threat intel; knowledge of the MITRE ATT&CK framework and security operations).

Secondary Skills-
• Scripting - Python, Shell.
• Compliance and governance awareness.
• Strong analytical and troubleshooting skills.
• Experience working with cross-functional teams (security, infra, compliance, etc.).

Role Overview:
The Splunk Engineer / Administrator will be responsible for designing, implementing, and maintaining Splunk environments, including SIEM, SOAR, and UEBA components. This role supports security operations by enabling advanced analytics, automation, and incident response capabilities.

Key Responsibilities:
SIEM (Splunk Enterprise Security):
• Administer and optimize Splunk Enterprise Security (ES) for log management, ingestion, normalization, and correlation.
• Develop and maintain dashboards, alerts, saved searches, and reports.
• Onboard data sources and ensure CIM compliance.
• Implement risk scoring models to identify suspicious access events and reduce false positives.

SOAR (Security Orchestration, Automation, and Response):
• Administer Splunk SOAR (formerly Phantom), including cluster and PostgresDB environments.
• Develop and maintain playbooks for automated incident response.
• Create Python-based custom functions to enhance playbook capabilities.
• Integrate AI models to improve alerting and operational efficiency.

UEBA (User and Entity Behavior Analytics):
• Develop use cases and dashboards for behavior analytics.
• Integrate UEBA models with Splunk ES and SOAR for enhanced threat detection.

General Splunk Administration:
• Install, configure, and troubleshoot Splunk components (indexers, search heads, forwarders).
• Develop custom Splunk apps and add-ons using SPL, Python, SimpleXML, JavaScript, or Bash.
• Monitor and troubleshoot performance issues.
• Ensure compliance with ISO27001, ITIL, and internal security standards.

Required Skills & Experience:
• 5+ years of experience in Splunk administration and engineering.
• Strong knowledge of Splunk architecture, SPL, and data modeling.
• Experience with Python, Bash, and web technologies (JavaScript, CSS).
• Familiarity with SIEM, SOAR, and UEBA concepts and tools.
• Experience in a Cyber Security Operations Center (CSOC) is a plus.

Certifications:
• Splunk Enterprise Certified Architect (Required)
• Splunk ES Administration Certification (Required)
• Splunk SOAR Administration Certification (Required)
• Splunk UEBA Administration Certification (Required)
• Splunk Core Certified Consultant (Preferred)

Integrated Personnel Services

Writing and Editing

Chennai Tamilnadu