Senior Cybersecurity Specialist - Splunk Platform Engineer
Larsen & Toubro Infotech Ltd (LTI)
Job Description
Senior Specialist - CyberSecurity
Role Summary
We are seeking a highly skilled and self-driven Splunk Platform Engineer to own the engineering, operations, and continuous improvement of enterprise-grade Splunk environments (Enterprise and Cloud). This role combines deep platform administration expertise with automation capabilities and SME-level ownership. The ideal candidate will serve as a trusted technical advisor to client stakeholders and act as a force multiplier across the SOC ecosystem, ensuring platform resilience, compliance readiness, and operational excellence at scale.
Key Responsibilities
1. Splunk Platform Engineering and Administration
End-to-end administration of Splunk Enterprise (v10.x), Splunk Cloud, and Splunk ES, including Search Heads, Indexers, Heavy Forwarders, Deployment Server, License Manager, and Cluster Manager
High-availability architectures with Search Head Clustering (SHC) for global data distribution
Proactive platform health monitoring (CPU, memory, disk I/O, queueing, indexing rate, search concurrency, replication/search factor) with remediation of performance bottlenecks
Certificate lifecycle management (SSL/TLS): generation, deployment, renewal, and revocation across all Splunk components
Platform upgrades, patching, and migrations with minimal downtime, aligned to CAB governance and change management processes
Federated Search and Ingest Actions implementation; data pipeline optimization for hybrid/multi-cloud ingestion strategies
Cloud platform integrations (Azure Event Hub, AWS S3) for modern telemetry onboarding and data lake initiatives
User access and RBAC management; authentication integrations (SSO/LDAP/SAML via Okta); CIM compliance across all data sources
2. Security Data Onboarding
Security data source onboarding (Microsoft Defender, CyberArk, O365, Zscaler, Cisco Secure Access, OT/IoT) with parsing accuracy and CIM normalization
Parser development and field extraction (props.conf/transforms.conf), source type configuration, and index-time transformations
Log enrichment and compliance-aware logging aligned to ISO 27001, GDPR, and NIST regulatory requirements
3. SOAR Platform Engineering and Security Automation
Splunk SOAR platform administration: manage connectivity, app integrations (300 tools), and operational readiness of the automation engine
SOAR/SIEM pipeline integration with third-party security tools (EDR, Identity, Cloud) to accelerate incident response and reduce MTTR
4. Automation, DevOps and Operational Engineering
Automation scripting using Python, Bash/Shell, and Ansible for upgrading, provisioning, configuration management, certificate rotation, and operational tasks
Operational efficiency improvements: reducing manual intervention, improving MTTR, and enhancing platform reliability
5. SME Leadership, Governance and Mentorship
Subject Matter Expert (SME) escalation point for critical incidents, data outages, ingestion failures, and platform degradations
Platform initiatives leadership: license optimization, ingestion reduction, storage tiering (Hot/Warm/Cold/Frozen), and capacity planning
Mentorship of junior engineers: knowledge transfers, technical reviews, and enablement sessions
Architectural documentation and audit support: provide technical evidence for ISO 27001 and GDPR audits; maintain SOPs and system diagrams
Technical liaison between SOC, IT Infrastructure, and client leadership (CIO/CISO) for Splunk-related roadmaps
6. Incident Management and Service Delivery
ITSM (ServiceNow) incident management: triage, investigation, resolution, RCA inputs, and coordination with resolver groups
On-call support for critical platform incidents; change management through approved CAB processes with rollback procedures
Platform KPIs and SLIs/SLOs tracking: ingestion health, search performance, data freshness, completeness, and availability
Required Qualifications
Category: Requirement
Experience: 8-12 years in IT/CyberSecurity with 5 years hands-on Splunk platform engineering
Education: Bachelor's degree in Computer Science, IT, CyberSecurity, or equivalent
Core Expertise: Splunk Enterprise, Cloud, ES, SOAR, SPL, CIM, Clustering (SHC/IDC)
Scripting: Python, Bash/Shell, Ansible (automation-grade proficiency)
Cloud Platforms: Azure (Event Hub, Sentinel), AWS (S3, CloudWatch), GCP awareness
Security Frameworks: MITRE ATT&CK, NIST CSF, ISO 27001, GDPR
ITSM / OS: ServiceNow, Linux (RHEL/CentOS/Ubuntu), Windows Server
Certification Requirements
Mandatory (at least one from each category)
Category: Certifications
Splunk: Splunk Enterprise Certified Admin (required), Architect (preferred), Power User (baseline)
Security: CISM or CISSP (at least one required)
Preferred (Value-Added)
Category: Certifications
Compliance: ISO 27001 Lead Implementer / Lead Auditor, GDPR Practitioner
Cloud: AZ-900, AZ-104, AZ-500, AWS Cloud Practitioner / Security Specialty
DevOps: Python, Ansible, DevOps-related certifications
You can expect a minimum salary of 0 INR. The salary offered will depend on your skills, experience and performance in the interview.
The candidate should have completed the required education, and candidates with 8 to 12 years of experience are eligible to apply for this job. You can apply for more jobs in Bengaluru/Bangalore to get hired quickly.
The candidate should have sound communication skills for this job.
Both Male and Female candidates can apply for this job.
No, it's not a work from home job and can't be done online. You can explore and apply for other work from home jobs in Bengaluru/Bangalore at apna.
No work-related deposit needs to be made during your employment with the company.