Senior Engineer

Bank of America, Jersey City, NJ
Onsite

About The Position

At Bank of America, the common purpose is to help make financial lives better through Responsible Growth and by delivering for clients, teammates, communities, and shareholders. The company is committed to being a Great Place to Work, fostering an inclusive workplace, attracting and developing talent, supporting teammate wellness, recognizing performance, and making a community impact. Bank of America maintains an in-office culture with specific attendance requirements, while also allowing for appropriate flexibility based on role-specific considerations. The role offers opportunities for career growth and impact.

The position is for a Principal Splunk Engineer who will lead the design, operation, and evolution of a large-scale Splunk Enterprise / Splunk Cloud deployment. This platform is critical for SOC and threat-detection capabilities, ingesting multi-terabyte daily data volumes across security, infrastructure, and application domains. The ideal candidate should possess deep expertise in Splunk architecture, large-scale data onboarding, performance optimization, SmartStore/Indexer Clustering, and security-focused use cases.

Requirements

  • 5+ years of experience administering large Splunk Enterprise or Splunk Cloud environments
  • Strong hands-on knowledge of: Indexer clustering, search head clustering
  • Strong hands-on knowledge of: SmartStore / S3-compatible object store design
  • Strong hands-on knowledge of: Universal/heavy forwarder architecture
  • Strong hands-on knowledge of: Ingest actions, parsing, props/transforms
  • Strong hands-on knowledge of: KVStore, RBAC, SAML, encryption
  • Deep experience with security log ingestion and SIEM use cases
  • Strong SPL expertise, including: Search optimization
  • Strong SPL expertise, including: Summary indexing / data model acceleration
  • Strong SPL expertise, including: CIM mapping and field normalization
  • Experience with Linux systems engineering, scripting (Python/Bash), and automation frameworks (Ansible, Terraform, GitOps preferred)

Nice To Haves

  • Splunk certifications (Core Consultant, Enterprise Admin, Enterprise Architect, ES Analyst/ES Admin, or equivalent)
  • Experience with: Enterprise Security (ES)
  • Experience with: SOAR (Phantom or comparable)
  • Experience with: AWS/Azure/GCP cloud logging architectures
  • Familiarity with high-throughput message brokers (Kafka/FluentD/Cribl)
  • Background in cybersecurity engineering or threat detection

Responsibilities

  • Architect, operate, and optimize a distributed, large-scale Splunk environment (indexer clusters, search head clusters, cluster masters, deployment servers, IDM, ADFS/SAML integrations)
  • Lead capacity planning, index design, data retention strategies, and SmartStore lifecycle management
  • Maintain high availability, scaling, and resilience across multi-site deployments (including DR strategy)
  • Drive Splunk version upgrades, app updates, cluster maintenance, and platform hardening
  • Collaborate with SOC, Incident Response, and Threat Hunting teams to ensure high-quality security log ingestion
  • Onboard and normalize logs from firewalls, EDR, identity platforms, cloud providers, network telemetry, and custom applications
  • Develop and optimize detection content: correlation searches, risk-based alerting, data models, macros, lookups, summaries
  • Ensure compliance with logging standards (MITRE ATT&CK mapping, CIS/SOC2/ISO27001 logging requirements)
  • Build and manage ingestion pipelines, parsing, field extractions, CIM compliance, HEC configurations, and forwarder architecture
  • Implement data lifecycle tiers, filtering strategies, routing, and ingestion controls to reduce cost and improve efficiency
  • Optimize search performance, knowledge objects, summary indexing, and acceleration strategies
  • Establish Splunk development standards, dashboards, and naming conventions
  • Mentor junior engineers and act as a technical escalation point for the team
  • Maintain documentation, operational runbooks, and logging onboarding guidelines
  • Partner with Engineering, Cloud, SecOps, and App teams to drive company-wide observability maturity

Benefits

  • Industry-leading benefits
  • Access to paid time off
  • Resources and support to our employees so they can make a genuine impact and contribute to the sustainable growth of our business and the communities we serve
  • Bank of America is committed to help employees through the transition period when they’re displaced as a result of a workforce reduction, realignment or similar measure

What This Job Offers

  • Job Type: Full-time
  • Career Level: Senior
  • Education Level: No Education Listed
  • Number of Employees: 5,001-10,000 employees
