Position: Sr. Splunk SIEM Engineer
Location: Remote
Length: 6+ Months
Job Description:
Key Responsibilities:
- Monitor and ensure timely detection and notification of all threats within the customer environment using Splunk SIEM.
- Deliver customer-specific requirements, adhering to agreed service level agreements (SLAs).
- Understand customer expectations and translate them into actionable service outcomes.
- Manage the scope of work, including scheduled and ad-hoc deliverables, and track deviations effectively.
- Collaborate with platform administrators to onboard new log sources, maintain the health of the Splunk infrastructure, and ensure seamless integration of devices.
- Develop and maintain threat detection scenarios and procedures aligned with industry best practices and customer requirements.
- Leverage strong analytical and technical skills to enhance computer network defense operations, including Splunk query creation and advanced threat detection techniques.
- Handle incidents by performing detection, analysis, triage, and resolution.
- Perform threat hunting using Splunk's capabilities, identifying anomalous patterns, and managing content such as custom dashboards, alerts, and reports.
- Investigate security events, distinguishing actual incidents from false positives, and applying Splunk searches to enrich detection.
Maintain working knowledge of:
- Operating systems (Windows/Linux).
- Network technologies (firewalls, proxies, DNS, and NetFlow).
- Active Directory and identity-based attacks.
- Network protocols (TCP, UDP, ICMP, etc.) and routing principles.
- Common internet applications and standards (SMTP, DNS, DHCP, SQL, HTTP/HTTPS).
Gap Analysis and Continuous Improvement:
- Perform gap analysis to ensure all in-scope log sources are monitored effectively.
- Identify missing use cases, hunting models, or detection scenarios, ensuring the highest level of threat detection.
- Conduct domain-specific assessments to identify business-critical applications and technologies that require focused monitoring.
Customer Interaction and Coordination:
- Act as the first point of contact (FPOC) for client issues, responding promptly to queries and taking ownership until resolution.
- Facilitate log source onboarding or decommissioning and coordinate with internal teams to meet customer requirements.
- Maintain transparency and demonstrate the value of SOC operations during periodic reviews such as MIS and QBR meetings.
Performance Reporting:
- Ensure timely submission of operational reports and updates on new use cases, proactive threat detection initiatives, and Splunk feature enhancements.
- Present SOC achievements and areas of improvement to stakeholders, highlighting the Managed Detection and Response (MDR) value.
Candidate Requirements:
- Minimum 10 years of total experience, with at least 8 years in a Security Operations Center (SOC) environment.
- At least 6 years of experience in customer-facing roles.
- Strong understanding of SIEM concepts, with hands-on experience in Splunk (including data onboarding, dashboard creation, and custom alert configuration).
- Solid technical and operational knowledge in cybersecurity, including network security, log analysis, and incident response.
- Excellent verbal and written communication skills.
Qualifications:
- Bachelor's degree in engineering, preferably in IT or Computer Science (B.E./B.Tech).
- Multiple professional certifications preferred (e.g., CCNA, CEH, Splunk Core Certified User/Power User).
Work Schedule:
- General Shifts
This role is a great opportunity for professionals with a strong Splunk SIEM background, leadership capabilities, and a commitment to delivering top-notch security operations and threat detection services.