Splunk Detection Engineer

Posted 4 months ago
United States | Contract | Cybersecurity
Company: Delan Associates, Inc
Location: United States
Languages: English
Seniority level: Significant experience
Experience: Significant experience
Skills: Python, SQL, Bash, Git, Linux, JSON
Requirements:
- Significant experience with Splunk and Splunk Enterprise Security
- Significant experience with event logging solutions (e.g., Splunk Universal Forwarder, syslog, Cribl)
- Experience with ticketing/case management
- Experience with Git pipelines
- Familiarity with using Linux CLI
- Ability to craft queries using common languages (regex, JSON, APIs)
- Basic scripting in Python/PowerShell/Bash
- Strong analytical, problem-solving, and communication skills
- Ability to operate under pressure in a shift or on-call environment
- Strong grasp of TCP/IP, OSI model, and common protocols (HTTP, DNS, SMTP)
- Windows/Linux/macOS fundamentals
- Active Directory/Azure AD concepts
- Basic cloud logging
- Experience in system and network administration
- Relevant cybersecurity experience including investigations and data analysis
- Experience with SOAR tools and automation development
- Experience using identity security/management tools
- Cloud security experience
Responsibilities:
- Integrate new data sources
- Validate and create CIM compliant logs
- Process requests for new detections
- Analyze existing logs for gaps
- Add and maintain threat feeds
- Monitor performance and tune detections
- Manage asset and identity inventory
- Create and maintain new Splunk apps
- Recommend additions or changes to Splunk
- Develop searches, reports, and functionalities
- Assist users with creating and optimizing searches and dashboards
- Mentor others in development
- Attend online/Teams meetings
- Provide status on tasks, suggest improvements, and discuss implementation
About the Company
Delan Associates, Inc