Senior Splunk Enterprise Security Engineer

Role: Senior Splunk Enterprise Security Engineer

Onsite Role in Irving, TX

W2 Role

JD:

We are seeking a Senior Splunk Enterprise Security Engineer to join our Security Engineering & Architecture team in Irving, TX. In this high-impact individual contributor role, you will own the deployment, optimization, and day-to-day administration of the Splunk Enterprise Security (ES) platform across a cloud-based environment supporting a large-scale enterprise operation.

You will serve as the subject matter expert for Splunk ES, partnering with SOC analysts, threat intelligence teams, compliance stakeholders, and IT leadership to ensure the security monitoring platform delivers maximum visibility, reliability, and value. This is a hands-on, technically deep role suited for someone who thrives in complex, high-volume environments and takes pride in building resilient security infrastructure.

What You ll Do

• Lead the end-to-end administration of Splunk Enterprise Security across a cloud-hosted (AWS/Azure/Google Cloud Platform) deployment, including architecture decisions, capacity planning, performance tuning, and version upgrades.

• Design, implement, and maintain ES frameworks including notable event configurations, risk-based alerting, asset and identity correlation, and threat intelligence integrations.

• Develop and optimize correlation searches, dashboards, and investigation workflows to reduce alert fatigue and accelerate analyst response times.

• Drive data source onboarding and ensure CIM (Common Information Model) compliance for new and existing log sources across the enterprise.

• Partner with compliance teams to ensure Splunk ES configurations support PCI DSS, SOX, and NIST CSF audit and reporting requirements.

• Establish and maintain health monitoring for the Splunk environment, including search performance, indexing throughput, forwarder connectivity, and license utilization.

• Create and maintain operational documentation, runbooks, and knowledge base articles for Splunk ES administration and troubleshooting.

• Serve as the escalation point for complex Splunk issues and participate in incident response efforts during critical security events as needed.

• Evaluate and recommend new Splunk apps, add-ons, and integrations that strengthen the organization s security posture.

• Collaborate with Security Architecture peers to align Splunk ES capabilities with the broader security tooling ecosystem and long-term technology roadmap.

What You Bring

Required

• 5+ years of hands-on experience with Splunk platform administration, with significant depth in Splunk Enterprise Security.

• Active Splunk certifications required: Splunk Enterprise Certified Admin and/or Splunk ES Certified Admin.

• Proven experience managing Splunk deployments in cloud environments (AWS, Azure, or Google Cloud Platform).

• Deep understanding of security monitoring, log management, SIEM operations, and event correlation at enterprise scale.

• Working knowledge of PCI DSS, SOX, and NIST CSF compliance frameworks and how they translate into SIEM use cases and reporting requirements.

• Strong SPL (Search Processing Language) proficiency, including complex statistical commands, lookups, macros, and data models.

• Experience with Splunk infrastructure components: indexers, search heads, heavy/universal forwarders, deployment servers, and cluster management.

• Excellent communication skills with the ability to translate complex technical concepts for non-technical stakeholders.

Preferred

• Experience in large-scale, high-transaction-volume enterprise environments.

• Familiarity with Splunk SOAR and security automation/orchestration workflows.

• Background in detection engineering, threat hunting, or SOC operations.

• Additional certifications such as CISSP, GIAC (GCIA, GCIH), or cloud security credentials (AWS Security Specialty, AZ-500).

• Experience with Infrastructure as Code (Terraform, Ansible) for Splunk deployment management.

• Scripting proficiency in Python, Bash, or PowerShell for automation and custom integrations.

Work Environment & Expectations

• Full-time, on-site position based in Irving, TX.

• Occasional after-hours support may be required during active security incidents or critical platform maintenance windows.

• Standard business hours with flexibility around incident-driven needs.

Why Join Us

• Work at the intersection of security engineering and large-scale enterprise operations, protecting customers and transactions at scale.

• Access to continuous learning opportunities, conference attendance, and certification support.

• Be part of a team that values technical depth, operational excellence, and collaborative problem-solving.