Splunk Developer (SIEM Team)

abra
Wheaton, IL
Onsite

About The Position

Abra Professional Services is seeking a skilled Splunk Developer to join a SIEM team within a leading financial organization. The role involves developing and maintaining Splunk-based security solutions, integrating log sources, creating dashboards and detection content, and enhancing monitoring capabilities across the organization's cyber security environment. This role requires strong expertise in Splunk Enterprise/Cloud, advanced SPL development, Python programming, and React development, alongside a deep understanding of SIEM and security monitoring technologies. This is a full-time, on-site position, based in Central Israel.

Requirements

  • 3+ years of hands-on experience with Splunk Enterprise and/or Splunk Cloud.
  • Strong experience writing advanced SPL queries, including joins, stats, tstats, transactions, and lookups.
  • Experience developing and maintaining dashboards, alerts, reports, and saved searches.
  • Experience implementing and managing data inputs via Syslog, HEC, and REST APIs.
  • Strong understanding of indexes, sourcetypes, props.conf, and transforms.conf.
  • Experience with Splunk performance tuning and search optimization.
  • 2+ years of Python development experience.
  • Experience working with REST APIs, JSON/XML parsing, and data normalization.
  • Experience developing applications with React, including Hooks, Components, and State Management.
  • Strong knowledge of JavaScript ES6+, HTML, and CSS.

Nice To Haves

  • Experience with Splunk SOAR.
  • Experience in Cyber Security, SIEM, or SOC environments.
  • Experience integrating with cloud platforms (AWS, Azure, GCP).
  • Experience integrating security tools such as EDR, IAM, and CI/CD solutions.
  • Experience working with Git and CI/CD pipelines.
  • Familiarity with Docker and Kubernetes.
  • Splunk certifications (Power User, Admin, Architect).
  • Academic degree in Computer Science, Information Systems, Cyber Security, or a related field.

Responsibilities

  • Develop and maintain solutions on the Splunk platform.
  • Design and build advanced dashboards, reports, alerts, and saved searches.
  • Create, optimize, and maintain detection rules and monitoring content.
  • Integrate and onboard new data sources using Syslog, HEC, REST APIs, and other ingestion methods.
  • Develop backend components and automations using Python.
  • Build and maintain internal operational tools and user interfaces using React.
  • Perform performance tuning and search optimization across the Splunk environment.
  • Collaborate with cyber security, infrastructure, and operations teams to improve monitoring and detection capabilities.