LEVELOCITI is an established national technology solutions integrator supporting mid-market and enterprise clients across various sectors. The company is seeking a Senior Security Data Engineer to lead engineering initiatives for its Splunk platform, focusing on security telemetry engineering and automation across multiple customer environments.
Responsibilities:
- Administer and maintain Splunk Cloud and Splunk Enterprise Security across multiple environments
- Design and scale security telemetry ingestion pipelines using Universal Forwarders, the HTTP Event Collector (HEC), parsing, and Common Information Model (CIM) normalization
- Ensure log data quality, visibility, and reliability across security telemetry sources
- Develop and tune correlation searches, detection logic, and risk-based alerting
- Engineer and maintain SOAR playbooks and automation workflows
- Manage threat intelligence ingestion and enrichment processes
- Collaborate with SOC teams to improve detection coverage and operational visibility
- Serve as a senior escalation point for platform-related issues
- Support customer onboarding and platform expansion
- Evaluate new technologies that strengthen and modernize the security platform
Requirements:
- Strong hands-on experience in SIEM engineering, security data engineering, or security platform engineering
- Deep experience administering Splunk Cloud and Splunk Enterprise Security
- Proven experience onboarding and normalizing log data at scale (UF, HEC, parsing, CIM)
- Experience building and tuning correlation searches, detections, or alerting logic
- Hands-on experience developing or maintaining SOAR playbooks and automation workflows
- Experience integrating threat intelligence feeds or enrichment pipelines
- Familiarity with common security telemetry sources including Windows, Linux, firewall/network logs, EDR platforms, cloud/SaaS environments, and identity providers
- Scripting ability in Python, PowerShell, or similar languages
- Strong communication skills and ability to collaborate with SOC teams and internal stakeholders
- Experience working within a SOC, MSP, or managed security environment
- Experience supporting multi-tenant security platforms
- Splunk or security-related certifications
- Exposure to detection engineering or purple team collaboration