Arcova is a global cybersecurity and AI consulting firm dedicated to delivering comprehensive solutions that strengthen resilience and protect critical assets. The Senior Splunk Engineer will design, implement, and optimize Splunk environments for enterprise organizations, ensuring high-performance data ingestion, search, and analytics for real-time threat detection.
Responsibilities:
- Design and implement scalable Splunk architectures, including indexers, search heads, forwarders, and indexer and search head clustering
- Ensure high availability, performance optimization, and efficient data lifecycle management
- Lead the onboarding of diverse data sources (logs, metrics, events) into Splunk
- Normalize, parse, and enrich data to support effective search, correlation, and analytics (for example, mapping onboarded sources to the Splunk Common Information Model so that Enterprise Security data models and correlation searches work as intended)
- Configure and optimize Splunk Enterprise Security (ES) to support advanced threat detection, correlation searches, and incident response workflows
- Develop dashboards, alerts, and use cases aligned to security operations needs
- Collaborate with security teams, IT operations, and executive stakeholders to translate business and security requirements into scalable Splunk solutions
- Communicate technical concepts clearly to non-technical audiences
- Mentor junior engineers and lead project workstreams
- Deliver high-quality documentation, including architecture diagrams, data flow designs, and operational runbooks
Requirements:
- Bachelor's degree in Computer Science, Information Security, or a related field
- Extensive hands-on experience with Splunk Enterprise and Splunk Enterprise Security in large-scale environments
- Strong understanding of distributed architectures, clustering, and performance tuning
- Deep knowledge of SPL (Search Processing Language), data modeling, and log management best practices
- Experience optimizing searches and building efficient dashboards
- Strong understanding of security operations, threat detection methodologies, and SIEM best practices
- Experience building and tuning detection use cases
- Exceptional verbal and written communication skills
- Ability to translate complex technical implementations into clear business value for stakeholders including CISOs, SOC leaders, and IT executives
- Splunk certifications such as Splunk Enterprise Certified Architect or Splunk Enterprise Security Certified Admin are highly preferred
- Experience with cloud platforms (AWS, Azure, or GCP) and integrating Splunk in hybrid or cloud-native environments
- Familiarity with automation and Infrastructure as Code tools (e.g., Terraform, Ansible)
- Experience integrating threat intelligence feeds, SOAR platforms, and other security tools with Splunk