Splunk Enterprise Security Engineer

Title:
Senior Splunk Enterprise Security Engineer

Duration:
Long term

Location:
Irving ,TX

(ONLY W2)

• Lead end-to-end administration of Splunk Enterprise Security in AWS/Azure/GCP
• Perform capacity planning, performance tuning, and platform upgrades
• Manage indexers, search heads, forwarders, deployment servers, and clustering
• Develop and optimize correlation searches, notable events, dashboards, and workflows
• Implement risk-based alerting, asset & identity correlation, and threat intelligence integrations
• Onboard new log sources and ensure CIM compliance
• Monitor platform health (search performance, indexing, license usage, forwarder connectivity)
• Support PCI DSS, SOX, and NIST CSF reporting and audit requirements
• Create runbooks, SOPs, and operational documentation
• Act as escalation point for complex Splunk issues and support incident response
• Evaluate Splunk apps, add-ons, and SOAR integrations

• 5+ years of hands‑on Splunk administration with strong Splunk ES experience
• Active Splunk Enterprise Certified Admin and/or Splunk ES Certified Admin
• Experience managing Splunk in cloud environments (AWS, Azure, or GCP)
• Deep knowledge of SIEM operations, log management, and event correlation
• Experience with Splunk infrastructure components (indexers, search heads, forwarders, clustering)
• Knowledge of PCI DSS, SOX, and NIST CSF frameworks
• Strong communication and stakeholder collaboration skills

• Experience in large-scale retail or high‑transaction environments
• Familiarity with Splunk SOAR (Phantom)
• Background in SOC operations, detection engineering, or threat hunting
• Certifications:
  
  CISSP, GCIA, GCIH, AWS Security Specialty, AZ-500
• Experience with Infrastructure as Code for Splunk deployments