Senior Splunk Engineer

- Design, implement, and sustain Splunk Enterprise, including indexers, search heads (SHC), cluster masters, deployment servers, and forwarders across both on-premises and AWS environments. - Create scalable data onboarding pipelines, ensuring proper parsing and indexing through props/transforms, HEC, UF/HF, and S3/SQS/SNS-based ingestion. - Enforce role-based access control (RBAC), manage data retention, and maintain index strategies and knowledge object governance in compliance with federal regulations. - Enhance search performance, accelerate data models, optimize KV store usage, and improve notable event throughput and latency in ES. - Develop and refine ES correlation searches, risk-based alerting, and adaptive response actions in line with MITRE ATT&CK frameworks. - Construct dashboards, conduct investigations, and streamline notable event workflows to minimize false positives and boost analyst efficiency. - Uphold CIM-compliant data models and spearhead normalization and data quality initiatives across various data sources like cloud, endpoint, and network. - Evaluate and report on the effectiveness of detection and response initiatives (MTTR, precision/recall, RBA risk scores, SLA adherence). - Design Splunk SOAR (Phantom) playbooks and applications with secure, scalable structures for threat triage, enrichment, and containment. - Coordinate ES notable events with automated triage and ServiceNow IR for incident generation, enrichment, SLA management, approvals, and documentation. - Develop AWS-centric detection and response strategies utilizing tools like GuardDuty, CloudTrail, and Security Hub; implement secure actions with necessary human approval processes. - Merge EDR and identity management platforms for host containment, IOC blocking, and remote response capabilities through APIs. - Lead Splunk deployments in AWS, focusing on scalability, multi-account and multi-region data ingestion, and cross-account automation through Boto3 and native services. - Standardize reusable Python modules, optimize SDK usage, and implement CI/CD best practices for application packaging and version management. - Align controls with FISMA/NIST RMF, FedRAMP, and CMMC requirements, ensuring continuous audit-readiness through comprehensive logging and approval tracking. - Oversee updates on Plans of Action and Milestones (POA&M), validate controls, and manage continuous monitoring dashboards. - Advocate for secrets management, least privilege access, and safe-response protocols throughout platform and automation development. - Convert SOC/IR playbooks (e.g., phishing response, malware handling) into reliable detection and automation strategies. - Mentor junior engineers and analysts, sharing expertise in SPL, ES content creation, CIM principles, and SOAR playbooks. - Collaborate with stakeholders to prioritize use cases and deliver measurable results. - Perform additional duties as required.