
Splunk Engineer
Posted Jun 3

This is a fully remote position, open to applicants in India.
• Design, develop, and sustain the Splunk infrastructure along with data ingestion pipelines.
• Onboard and standardize log sources utilizing Splunk Common Information Models (CIM).
• Configure and oversee Splunk Forwarders, HEC inputs, API integrations, and various data collection methods.
• Create and maintain dashboards for monitoring log quality, ingestion health, and overall platform performance.
• Assist Detection Engineering teams by providing high-quality, detection-ready telemetry.
• Deploy, fine-tune, and maintain correlation searches and detection content within Splunk Enterprise Security.
• Implement and enhance Risk-Based Alerting (RBA) to boost detection efficiency and minimize alert fatigue.
• Manage index retention, optimize storage, and oversee data lifecycle management.
• Diagnose and address issues related to data ingestion, parsing, and pipelines.
• Collaborate with security, engineering, and operations teams to enhance visibility and monitoring capabilities.
• A minimum of 3 years of experience in Splunk Administration, Engineering, or SIEM Operations.
• In-depth knowledge of SPL (Search Processing Language) and query optimization techniques.
• Practical experience with Splunk Enterprise Security (ES).
• Familiarity with onboarding and normalizing data sources via CIM.
• Knowledge of Splunk Forwarders, HEC, API-based integrations, and best practices for data ingestion.
• Experience in managing indexes, retention policies, and optimizing storage.
• Understanding of security operations, threat detection, and monitoring processes.
• Strong troubleshooting and problem-solving skills.
• Excellent communication and collaboration abilities.
• Health insurance
• Professional development opportunities