About the Role
We are seeking an experienced Splunk Architect/Consultant to design, configure, and optimize our Security Command Center (SCC) environment. The role requires deep expertise in Splunk Cloud, Enterprise Security (ES), and SOAR, with the ability to deliver scalable, production-ready solutions aligned with enterprise security requirements.
This is a consulting engagement that blends hands-on implementation with strategic advisory. The consultant will work closely with customer stakeholders, guiding the project end-to-end while ensuring best practices and knowledge transfer.
Key Responsibilities
Architecture & Platform Setup
- Configure and implement Splunk Cloud, ES, and SOAR to establish a secure, scalable platform.
- Validate the existing Splunk implementation and provide optimization recommendations.
- Guide the Cisco team on data migration and platform scalability strategies.
Data Onboarding & Normalization
- Develop and customize parsers for diverse log sources (infrastructure, applications, security devices).
- Ensure data normalization and enrichment for readiness in analytics and reporting.
Use Case & Security Content Development
- Develop tailored security use cases for threat detection, anomaly detection, compliance monitoring, and incident response.
- Design, tune, and optimize correlation rules to minimize false positives and improve detection accuracy.
- Create dashboards and reports for SOC analysts (operational visibility) and executives (strategic oversight).
SOAR & Automation
- Design workflows to streamline incident triage, escalation, and response.
- Implement SOAR playbooks to automate repetitive tasks: alert enrichment, notifications, ticket creation, and threat intel lookups.
Governance & Knowledge Transfer
- Conduct testing, validation, and knowledge transfer with customer teams to ensure production readiness.
- Lead alignment workshops with stakeholders to refine requirements and prioritize use cases.
- Provide consultancy on Splunk best practices for scalability, security, and performance.
Required Experience
- 10+ years in designing and implementing enterprise Splunk solutions.
- Proven experience in the Financial Services, Telecom, and Government domains.
- Deep expertise in:
  - Splunk Enterprise, ES, SOAR (Phantom), UBA
  - Splunk architecture (Indexers, Search Heads, Clustering, UF/HF, Deployment Server)
  - Data onboarding, parsing, correlation searches, dashboards, reports
  - Security logging (syslog-ng, Windows Event, Linux Audit, custom integrations)
- Experience scaling Splunk to terabytes of daily ingestion.
- Strong knowledge of performance tuning, upgrades, troubleshooting, and Splunk Cloud/hybrid deployments.
Desired Skills
- Ability to translate business and compliance requirements into actionable use cases.
- Strong consultancy and communication skills for stakeholder engagement.
- Experience leading workshops, knowledge transfer, and mentoring teams.
- Familiarity with broader SIEM/SOAR integration and SOC operations.
Why Join This Engagement?
- Lead a high-visibility Splunk SCC build project.
- Work on enterprise-scale environments with complex data and security needs.
- Shape the future of security automation, analytics, and operational excellence.