Foundry Cyber Splunk Engineer Manager

company banner
Full Time

Job Description

Are you interested in improving the cyber and organizational risk profiles of leading companies? Do you want to be involved in delivering Managed Security Services including identifying unauthorized activities and intrusions in their networks in real time? Are you excited about rapidly changing operational environments, learning what you need to get the job done, and producing accurate and timely results?

If yes, then Deloitte's Foundry Managed Security Services team could be the place for you! Transparency, innovation, collaboration, sustainability: these are the hallmark issues shaping cyber initiatives today. Deloitte's Foundry MSS business is passionate about making an impact with lasting change. Delivering our industry leading services requires fresh thinking and a creative approach. We collaborate with teams from across our organization in order to bring the full breadth of Deloitte, its commercial and public sector expertise, to best support our clients. Our aspiration is to be the premier integrated services provider in helping to transform the cyber security services marketplace.

Our team is client focused and mission driven. As a Splunk Engineer in Deloitte's Foundry Managed Security Services, you'll work with our diverse teams of passionate professionals to help solve for some of today's toughest cybersecurity challenges to enable our clients to achieve business growth and manage risk.

Work you'll do

As a Splunk Engineer you will be managing and providing Splunk health and operational support, including supporting to architecture changes, app development & deployments and advanced content development.

You will be closely working with Security Operations Center (SOC), Content, TIA and ThreatConnect teams as an advanced escalation point in identifying and addressing potential information security incidents leveraging Splunk Processing Language (SPL).
  • Perform Splunk configuration management, and troubleshooting, addressing complex issues and day to day operations management
  • Onboard security relevant data sources and develop new and custom parsers wherever a supported TA is not present
  • Perform Splunk architecture assessments and design reviews
  • Deploy and configure large scale Splunk infrastructure
  • Build custom Splunk app/TA based on customer requirements
  • Deliver Splunk advisory support and education to other SOC and technology management personnel
  • Assist in Security incident detection Use Case Roadmap development and update Use Cases in Use Case Repository
  • Build advanced Security Incident detection Use Cases, with or without Splunk ES
  • Create high quality and intuitive custom reports, dashboards using Splunk Processing Language (SPL)
  • Develop scripts, as needed, to simplify data collection and automate data onboarding tasks
  • Work on Splunk data models and make all ingested data CIM compliant
  • Create and/or perform quality review of HLUC, TUC, Use Case Testing, Parser, Runbooks, and other Technical documents
  • Create runbooks for analyst, guiding them to investigate notables/alerts
  • Provide 24/7 on-call support for Splunk infrastructure or performance related issues (as needed)
  • Mentor and train Junior Splunk Engineers
  • Coordinate with various technical groups and attend client meetings
  • Build relationships with client counterpart (i.e. Client Lead Security Engineer)
  • Adhere to internal operational security and other Deloitte policies
  • Participate in other short-term project work as assigned


  • Bachelor of engineering or Science in computers, information systems, information security, Math, decision sciences, risk management, or other business/technology disciplines or equivalent work experience
  • 8+ years' experience working as Splunk SME/engineer/developer.
  • Extensive experience in Splunk deployment, configuration, data ingestion, correlation alert creation, report and dashboard building on Splunk.
  • Knowledge of Splunk app development/config file customization
  • In-depth understanding on various Splunk components/configuration files
  • Strong analytical and problem-solving skills
  • Understanding of possible attack activities such as network probing/ scanning, DDOS, malicious code activity, etc.
  • Understanding of common network infrastructure devices such as routers and switches Excellent interpersonal and organizational skills
  • Excellent oral and written communication skills
  • Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
  • Limited immigration sponsorship may be available
  • Ability to travel 10%, on average, based on the work you do and the clients and industries/sectors you serve

  • Splunk certified Admin or Architect
  • Cyber Security Certifications from EC-Council, COMPTIA, SANS, (ISC)2 etc.
  • Exposure to Splunk Enterprise Security/Splunk UEBA/Splunk MLTK
  • Knowledge and familiarity with leading Public Cloud platforms such as Azure, AWS, Google Cloud Platform


Company Information

Deloitte provides industry-leading audit, consulting, tax and advisory services to many of the world’s most admired brands, including nearly 90% of the Fortune 500® and more than 7,000 private companies. Our people come together for the greater good and work across the industry sectors that drive and shape today’s marketplace—delivering measurable and lasting results that help reinforce public trust in our capital markets, inspire clients to see challenges as opportunities to transform and thrive, and help lead the way toward a stronger economy and a healthier society. Deloitte is proud to be part of the largest global professional services network serving our clients in the markets that are most important to them. Now celebrating 175 years of service, our network of member firms spans more than 150 countries and territories. Learn how Deloitte’s more than 330,000 people worldwide connect for impact on our website.

Dice Id : 10106525
Position Id : 108188
Originally Posted : 3 weeks ago

Similar Positions at Deloitte

Cyber Endpoint Manager
  • Costa Mesa, CA
  • 11 hours ago
Cyber Endpoint Manager
  • Costa Mesa, CA
  • 11 hours ago
Cyber Risk Application Security Manager
  • Costa Mesa, CA
  • 11 hours ago
Cyber Strategy Wargame, Manager
  • Costa Mesa, CA
  • 11 hours ago
Data Privacy Solution Engineer, Cyber
  • Costa Mesa, CA
  • 11 hours ago