
Job Description: SIEM Architect – Splunk
Roles and Responsibilities:
As a SIEM Architect with a focus on Splunk, you will be responsible for designing, implementing, and maintaining the organization's Security Information and Event Management (SIEM) architecture. You will play a key role in ensuring the scalability, reliability, and effectiveness of Splunk-based security monitoring solutions.
Key Responsibilities:
Design and architect Splunk-based SIEM solutions to meet organizational security requirements.
Lead the deployment and configuration of Splunk Enterprise and Splunk Enterprise Security (ES).
Define and implement data onboarding strategies for various log sources including servers, network devices, cloud platforms, and applications.
Develop and maintain Splunk architecture documentation including data flow diagrams, integration points, and system dependencies.
Collaborate with SOC, incident response, and IT teams to ensure effective threat detection and response capabilities.
Establish best practices for Splunk performance tuning, indexing strategies, and data retention policies.
Design and implement correlation rules, dashboards, and alerts to support security operations.
Ensure compliance with regulatory requirements by enabling audit logging and reporting capabilities.
Evaluate and integrate third-party tools and technologies with Splunk to enhance SIEM capabilities.
Provide guidance and mentorship to Splunk administrators and analysts on architecture and design principles.
Stay current with industry trends and emerging technologies in SIEM and cybersecurity.
Required Skills:
Sonali Sindhi
WhatsApp No.: +91-9634441110 / +65 60275492 / [Confidential Information]
Job ID: 148234871
Skills:
Splunk, Log Management, Compliance requirements, Audit reporting, SPL (Search Processing Language), Data onboarding, Performance optimization, Splunk Enterprise Security, Troubleshooting, Parsing and normalization techniques