SIEM Engineer - Secret

Post Date

May 28, 2026

Location

Morrisville,
North Carolina

ZIP/Postal Code

27560
US

Aug 04, 2026 Insight Global

Job Type

Contract,Perm Possible

Category

Security Engineering

Req #

RAL-331f15e2-ec3e-4cb2-80a4-6520396cb234

Pay Rate

$64 - $80 (hourly estimate)

Job Description

We are seeking a proactive SIEM Engineer with a strong focus on Splunk engineering, detection development, and cloud security operations. This role will support the organization's security monitoring and incident response capabilities by leveraging Splunk Enterprise Security (ES), Splunk SOAR, and integrated cloud/security platforms across AWS and Azure environments.

The ideal candidate will contribute to the development and optimization of detections, dashboards, automation workflows, and data onboarding initiatives while assisting with troubleshooting and maintaining distributed Splunk environments. This individual will work closely with SOC analysts, cloud teams, and engineering stakeholders to improve security visibility, operational efficiency, and threat detection capabilities.

This position requires a blend of security operations experience and hands-on Splunk engineering skills, including data normalization, ingestion troubleshooting, search optimization, and security analytics development. The candidate should be comfortable operating in a fast-paced 24/7 security environment, participating in on-call rotations, and supporting continuous improvement initiatives across the security operations program.

Role Responsibilities

Splunk Engineering & Analytics:
• Develop, maintain, and optimize Splunk Enterprise Security (ES) detections, dashboards, and correlation searches
• Support Splunk SOAR playbook development and automation workflows
• Assist with onboarding, parsing, normalization, and enrichment of security data sources into Splunk
• Troubleshoot Splunk ingestion pipelines, forwarder connectivity, search performance, and indexing issues
• Create and maintain knowledge objects including field extractions, lookups, event types, tags, and macros
• Assist with Splunk configuration changes and troubleshooting across distributed Splunk environments
• Leverage data models and accelerated searches to improve detection and reporting performance
• Collaborate with SOC analysts and engineering teams to improve visibility, detection coverage, and operational efficiency

Incident Response & Operations:
• Support incident response efforts, conducting deep-dive investigations into alerts generated by our security stack
• Coordinate with internal teams to contain and remediate threats
• Participate in a scheduled on-call rotation to ensure 24/7 incident coverage and rapid response

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com. To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

Required Skills & Experience

• Experience: Minimum of 5 years of professional experience in a SIEM Engineering, Security Operations, or Incident Response environment.
• Splunk Proficiency: Demonstrated ability to write complex SPL queries, build/maintain production-grade dashboards, and perform data normalization within Splunk Enterprise or Splunk Enterprise Security (ES).
• Technical Skills:
  o Experience onboarding and integrating security data sources into Splunk.
  o Experience integrating security tools (e.g., AWS Security Hub) into a centralized SIEM.
  o Understanding of Splunk knowledge objects, field extractions, lookups, and CIM normalization.
• Operational Mindset: Ability to handle high-pressure incident response scenarios and a willingness to participate in an on-call rotation.
• Communication: Proven ability to present technical findings and dashboard insights to both technical and non-technical stakeholders.

Nice to Have Skills & Experience

• Splunk Enterprise Security (ES) Certified Admin and/or Splunk Core Certified Power User.
• Security+ or equivalent.
• Certifications such as GCIH, GCIA, or Azure/AWS Security certifications.
• Experience in a multi-cloud environment (AWS/Azure), specifically focusing on identity and access management (Entra ID).

Benefit packages for this role will start on the 1st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.