Splunk security SME / detection engineer

- Concentrate on Splunk security logic, ensuring ongoing data quality and minimizing noise, while converting threat intelligence into actionable workflows for Tier 1/2 support - Emphasize data normalization and optimization specifically aimed at enhancing detection capabilities; Create automated analyzers and monitors in Splunk to maintain data in a healthy, functional state for detections - Develop a procedure for regular data model audits to enforce completeness of fields; Design and construct monitors that promptly alert the necessary team if data quality, field extraction, or log volume dips below acceptable standards to avert silent detection failures - Assist in deploying Out-Of-The-Box (OOTB) Enterprise Security rules and craft advanced SPL for customized correlation searches tailored to our environment - Offer direct support to ensure that all onboarded data is accurately mapped to the Splunk Common Information Model (CIM), facilitating efficient and precise detections - Methodically adjust alerts and underlying data to control the alert volume the appropriate team receives; Mitigate the most recognized false positives before the EMS integration goes live to avoid Tier 1 alert fatigue - Simplify complex security logic into straightforward, step-by-step playbooks and runbooks for use by the PCC team (for their Knowledge Base and EMS workflows) - Create thorough documentation regarding data analyzers, CIM mappings, and custom detections, providing practical knowledge transfer to ensure the internal team can sustain the environment post-engagement