Senior Splunk Enterprise Security Engineer

Irving, TX, US • Posted 2 hours ago • Updated 2 hours ago
Contract W2
On-site
$55 - $65/hr

Job Details

Skills

  • Splunk
  • Security
  • SIEM

Summary

Role: Senior Splunk Enterprise Security Engineer

Location: Irving, TX

Duration: 06 Months

What You'll Do

  • Lead the end-to-end administration of Splunk Enterprise Security across a cloud-hosted (AWS/Azure/Google Cloud Platform) deployment, including architecture decisions, capacity planning, performance tuning, and version upgrades.
  • Design, implement, and maintain ES frameworks including notable event configurations, risk-based alerting, asset and identity correlation, and threat intelligence integrations.
  • Develop and optimize correlation searches, dashboards, and investigation workflows to reduce alert fatigue and accelerate analyst response times.
  • Drive data source onboarding and ensure CIM (Common Information Model) compliance for new and existing log sources across the enterprise.
  • Partner with compliance teams to ensure Splunk ES configurations directly support PCI DSS, SOX, and NIST CSF audit and reporting requirements.
  • Establish and maintain health monitoring for the Splunk environment, including search performance, indexing throughput, forwarder connectivity, and license utilization.
  • Create and maintain operational documentation, runbooks, and knowledge base articles for Splunk ES administration and troubleshooting.
  • Serve as the escalation point for complex Splunk issues and participate in incident response efforts during critical security events as needed.
  • Evaluate and recommend new Splunk apps, add-ons, and integrations that strengthen the organization's security posture.
  • Collaborate with Security Architecture peers to align Splunk ES capabilities with the broader security tooling ecosystem and long-term technology roadmap.

What You Bring

Required

  • 5+ years of hands-on experience with Splunk platform administration, with significant depth in Splunk Enterprise Security.
  • Active Splunk certifications required: Splunk Enterprise Certified Admin and/or Splunk ES Certified Admin.
  • Proven experience managing Splunk deployments in cloud environments (AWS, Azure, or Google Cloud Platform).
  • Deep understanding of security monitoring, log management, SIEM operations, and event correlation at enterprise scale.
  • Working knowledge of PCI DSS, SOX, and NIST CSF compliance frameworks and how they translate into SIEM use cases and reporting requirements.
  • Strong SPL (Search Processing Language) proficiency, including complex statistical commands, lookups, macros, and data models.
  • Experience with Splunk infrastructure components: indexers, search heads, heavy/universal forwarders, deployment servers, and cluster management.
  • Excellent communication skills with the ability to translate complex technical concepts for non-technical stakeholders.

Preferred

  • Experience in large-scale retail or similarly complex, high-transaction-volume environments.
  • Familiarity with Splunk SOAR (formerly Phantom) and security automation/orchestration workflows.
  • Background in detection engineering, threat hunting, or SOC operations.
  • Additional certifications such as CISSP, GIAC (GCIA, GCIH), or cloud security credentials (AWS Security Specialty, AZ-500).
  • Experience with Infrastructure as Code (Terraform, Ansible) for Splunk deployment management.
  • Scripting proficiency in Python, Bash, or PowerShell for automation and custom integrations.

Work Environment & Expectations

  • This is an on-site position based in Irving, TX.
  • Occasional after-hours support may be required during active security incidents or critical platform maintenance windows.
  • Standard business hours with flexibility around incident-driven needs.

Why Join Us

  • Work at the intersection of security engineering and enterprise retail operations, protecting millions of customers and transactions daily.
  • Access to continuous learning opportunities, conference attendance, and certification support.
  • Be part of a team that values technical depth, operational excellence, and collaborative problem-solving.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10119424
  • Position Id: 8902760

Company Info

About CBTS

CBTS provides a complete spectrum of technology solutions ranging from infrastructure and applications to consulting services. Our mission is to help businesses architect, deploy, and manage custom-built IT solutions that help them improve operational efficiencies while reducing costs and risk.

To help achieve your business goals, CBTS has built a state-of-the-art platform of technology assets, engineering talent, and strategic partnerships to deliver world-class services. In addition to configuring and deploying cutting-edge technology solutions, we also use the same platform to fuse the right security, disaster recovery, and management portfolio around your environment. With CBTS, you are assured that your mission critical data is up and running at all times, protected, and compliant.
