Design, implement, and maintain Splunk infrastructure and data ingestion pipelines.
Onboard and normalize log sources using Splunk Common Information Models (CIM).
Configure and manage Splunk Forwarders, HEC inputs, API integrations, and data collection mechanisms.
Develop and maintain dashboards for monitoring log quality, ingestion health, and platform performance.
Support Detection Engineering teams by ensuring high-quality and detection-ready telemetry.
Deploy, tune, and maintain Splunk Enterprise Security correlation searches and detection content.
Implement and optimize Risk-Based Alerting (RBA) to improve detection effectiveness and reduce alert fatigue.
Manage index retention, storage optimization, and data lifecycle management.
Troubleshoot and resolve data ingestion, parsing, and pipeline-related issues.
Collaborate with security, engineering, and operations teams to improve visibility and monitoring capabilities.

3+ years of experience working with Splunk Administration, Engineering, or SIEM Operations.
Strong knowledge of SPL (Search Processing Language) and query optimization.
Hands-on experience with Splunk Enterprise Security (ES).
Experience onboarding and normalizing data sources using CIM.
Knowledge of Splunk Forwarders, HEC, API-based integrations, and data ingestion best practices.
Experience managing indexes, retention policies, and storage optimization.
Understanding of security operations, threat detection, and monitoring workflows.
Strong troubleshooting and problem-solving abilities.
Excellent communication and collaboration skills.

Splunk Engineer

Key skills