What are the responsibilities and job description for the Sr Splunk Engineer (W2 Contract Only) position at CBTS?
Role: Sr Splunk Engineer (Individual Contributor)
Location: Irving, TX
Duration: 12 Months
Job Description:
- Lead the end-to-end administration of Splunk Enterprise Security across a cloud-hosted (AWS/Azure/GCP) deployment, including architecture decisions, capacity planning, performance tuning, and version upgrades.
- Design, implement, and maintain ES frameworks including notable event configurations, risk-based alerting, asset and identity correlation, and threat intelligence integrations.
- Develop and optimize correlation searches, dashboards, and investigation workflows to reduce alert fatigue and accelerate analyst response times.
- Drive data source onboarding and ensure CIM (Common Information Model) compliance for new and existing log sources across the enterprise.
- Partner with compliance teams to ensure Splunk ES configurations directly support PCI DSS, SOX, and NIST CSF audit and reporting requirements.
- Establish and maintain health monitoring for the Splunk environment, including search performance, indexing throughput, forwarder connectivity, and license utilization.
- Create and maintain operational documentation, runbooks, and knowledge base articles for Splunk ES administration and troubleshooting.
- Serve as the escalation point for complex Splunk issues and participate in incident response efforts during critical security events as needed.
- Evaluate and recommend new Splunk apps, add-ons, and integrations that strengthen the organization’s security posture.
- Collaborate with Security Architecture peers to align Splunk ES capabilities with the broader security tooling ecosystem and long-term technology roadmap.
What You Bring
Required
- 5 years of hands-on experience with Splunk platform administration, with significant depth in Splunk Enterprise Security.
- Active Splunk certifications required: Splunk Enterprise Certified Admin and/or Splunk ES Certified Admin.
- Proven experience managing Splunk deployments in cloud environments (AWS, Azure, or GCP).
- Deep understanding of security monitoring, log management, SIEM operations, and event correlation at enterprise scale.
- Working knowledge of PCI DSS, SOX, and NIST CSF compliance frameworks and how they translate into SIEM use cases and reporting requirements.
- Strong SPL (Search Processing Language) proficiency, including complex statistical commands, lookups, macros, and data models.
- Experience with Splunk infrastructure components: indexers, search heads, heavy/universal forwarders, deployment servers, and cluster management.
- Excellent communication skills with the ability to translate complex technical concepts for non-technical stakeholders.
Preferred
- Experience in large-scale retail or similarly complex, high-transaction-volume environments.
- Familiarity with Splunk SOAR (formerly Phantom) and security automation/orchestration workflows.
- Background in detection engineering, threat hunting, or SOC operations.
- Additional certifications such as CISSP, GIAC (GCIA, GCIH), or cloud security credentials (AWS Security Specialty, AZ-500).
- Experience with Infrastructure as Code (Terraform, Ansible) for Splunk deployment management.
- Scripting proficiency in Python, Bash, or PowerShell for automation and custom integrations.