SIEM Engineer(Splunk Admin-- Cyber Security Domain)--Remote

Position : SIEM Engineer (Splunk Administrator--Cyber Security Domain)

Working Time : 06:00 PM to 03:00 AM IST(US EST Time zone)

Working Mode: Work From Home/Remote

Experience Level:

Responsibilities:

• Architect, deploy, and maintain Splunk for SIEM use cases including log ingestion, data normalization, and incident correlation.

• Manage and optimize Microsoft Defender for Endpoint, Identity, Cloud, Office 365, and other Defender tools to maximize protection and visibility.
• Develop custom queries, detection rules, workbooks, and automation playbooks to improve threat detection and response efficiency.
• Lead the design and implementation of security monitoring, including data connectors, analytics rules, and incident automation.
• Collaborate with threat analysts and incident response teams to triage, investigate, and respond to security alerts and incidents.
• Provide technical guidance in security best practices, incident response procedures, and threat hunting using Microsoft security tools.
• Continuously assess the security landscape and recommend improvements to policies, tools, and configurations.
• In addition to strong technical acumen, the ideal candidate will bring excellent communication and client-facing skills to collaborate directly with customers, understand their security needs, and deliver tailored solutions that align with their risk posture and compliance requirements.

Outcomes:

• Integration & Optimization: Integrate and optimize Splunk to improve visibility and automate threat detection workflows

• Threat Detection: Utilize Splunk AI-powered analytics to dashboard reports and automate critical reporting functions

• Automation & Playbook Development: Develop automated detection and response playbooks based on Microsoft data feeds, streamlining incident management and reducing time to resolution.
• Collaboration & Knowledge Sharing: Work closely with other security and IT teams to share threat intelligence, optimize SIEM use, and contribute to security strategy development.
• Reporting & Documentation: Develop and maintain dashboards, reports, and documentation related to Microsoft Sentinel deployment, performance, and incident metrics.
• Continuous Improvement: Continuously evaluate Microsoft Sentinel capabilities and other relevant security tools to recommend improvements and refine detection capabilities.

Required Qualifications:

• 4+ years of SIEM experience in Splunk

• Hands-on experience with other SIEM platforms (Splunk) and integrating them with endpoint security tools.

• Strong understanding of cybersecurity principles, threat detection, and SIEM management.
• Proficiency in scripting and automation (Python, PowerShell, etc.).
• Experience with cloud security (AWS, Azure, GCP) and cloud-native SIEM solutions is a plus.
• Bachelors degree in Computer Science, Information Security, or a related field (or equivalent experience)

Preferred Qualifications:

• 5+ years of experience in cybersecurity in a SOC or security engineering capacity.
• Proven hands-on expertise with Microsoft Sentinel and Microsoft Defender suite.
• Deep knowledge of Splunk Query Language (SPL) and building custom analytics rules and workbooks in Splunk.
• Strong experience in customer-facing roles.
• Experience with incident response, threat detection, and threat hunting techniques.
• Strong understanding of cloud security, especially in Azure environments.
• Familiarity with MITRE ATT&CK, NIST, and other security frameworks.
• Experience integrating Splunk with third-party solutions (e.g., threat intel feeds, ticketing systems).

Key Skills:

• Technical Skills: Microsoft Security platform, SIEM tools, security automation, machine learning for cybersecurity, network security.
• Analytical Skills: Strong ability to analyze large datasets and correlate logs/events.
• Communication Skills: Excellent verbal and written communication skills for collaborating with cross-functional teams and providing clear reporting.
• Problem-Solving: Strong troubleshooting skills with the ability to resolve complex security issues quickly and effectively.