CyberSecurity
Contractor - W2
Job Description
Role Overview
We are seeking an experienced Senior Cybersecurity Engineer – Splunk with deep expertise in designing, implementing, and optimizing enterprise-scale SIEM and observability platforms. This role will lead the architecture and operations of Splunk Enterprise environments and data optimization, and will enable advanced security monitoring across cloud and on-prem ecosystems.
The ideal candidate will bring strong hands-on experience across Splunk architecture, cybersecurity frameworks, cloud platforms, and data engineering, with the ability to drive both strategic initiatives and day-to-day operations.
Key Responsibilities
Splunk Architecture & Engineering
- Design, deploy, and manage enterprise-scale Splunk environments including:
  - Indexer Clusters
  - Search Head Clusters
  - License Master, Cluster Master, Deployment Server, Deployer
  - Heavy Forwarders and Universal Forwarders
- Perform installation, configuration, and support of Splunk across Linux and Windows environments
- Lead capacity planning and scaling strategies for Splunk infrastructure
- Ensure high availability, performance, and resilience of the Splunk platform
Security Monitoring & SIEM Operations
- Implement and support Splunk Enterprise Security (ES) and other premium apps (ITSI, UBA, TrackMe)
- Develop and maintain alerts, dashboards, reports, and correlation searches
- Troubleshoot and resolve issues related to alerts, dashboards, and search performance
- Support SOC operations and incident response through advanced log analytics
Data Optimization
- Design and implement pipelines for log routing, filtering, and transformation
- Reduce data ingestion volume and optimize Splunk licensing costs
- Filter unnecessary data at forwarder level (Heavy Forwarders) to improve efficiency
- Manage Cribl installation, configuration, and ongoing support
Stakeholder Collaboration & Support
- Work with business stakeholders to gather security and monitoring requirements
- Support developers and users by troubleshooting platform and data issues
- Provide guidance on data onboarding, filtering, and optimization strategies
- Lead Splunk POCs, implementations, and operational support initiatives
Required Qualifications
- 8–10+ years of experience with Splunk (Engineering, Architecture, Administration)
- Strong expertise in:
  - Splunk Enterprise architecture and clustering
  - Splunk Enterprise Security (ES)
  - Log ingestion, parsing, and data modeling
- Experience with cloud platforms: AWS, Azure, or GCP
Preferred Qualifications
- Splunk certifications (e.g., Splunk Architect, Splunk Admin, Power User)
- Experience with Splunk SOAR / Phantom
- Experience with DevSecOps and Infrastructure as Code
- Background in enterprise data platforms and analytics