Splunk Engineer

TEKsystems, Austin, TX
$75 - $75, Remote

About The Position

We’re partnering with a large Texas state agency that is rapidly modernizing its environment and expanding further into the cloud. They are looking for a Splunk Engineer who can serve as the primary Splunk expert on a small, high-impact security team. In this role, you will:

  • Own Splunk engineering, data ingest, index health, dashboards, and executive reporting
  • Work closely with a Threat Hunter to automate threat techniques in Splunk and develop reactive alerts
  • Help integrate Microsoft Copilot and natural language querying into the security monitoring ecosystem
  • Design and implement cloud and AI security controls that protect sensitive data and critical workloads

This is a great opportunity for a Senior engineer who enjoys both hands-on technical work and partnering closely with security leadership.

Requirements

  • Proven experience in security architecture and delivering secure solutions aligned with business and regulatory requirements
  • Strong background in cloud security, including: protecting data on public cloud platforms from unauthorized access; implementing secure authentication, encryption, access controls, IDS/IPS, firewalls, etc.
  • Hands-on experience with multi-cloud security architectures (infrastructure, tools, and cloud-based application security)
  • Experience consulting and engineering security best practices across an organization
  • Deep understanding of cloud security risks: data breaches, broken authentication, account hijacking, malicious insiders, third parties, APTs, data loss, DoS, etc.
  • Strong threat analysis skills and ability to design solutions to mitigate security risks
  • Knowledge and experience with NIST standards and ISO 27001
  • Significant hands-on experience with Splunk: creating alerts, dashboards, and executive reports; acting as a lead or primary Splunk Engineer in an enterprise environment
  • Ability to resolve complex security issues in diverse, decentralized environments and communicate clearly with technical and non-technical stakeholders
  • Experience conducting forensic investigations on cyber incidents
  • Experience creating/updating cloud security policies and standards
  • Must be based in Texas
  • Preference for Austin-area candidates, especially for potential full-time conversion (hybrid/on-site meetings as needed)

Nice To Haves

  • Security Certifications: GSEC, CEH, CISA, CCSP, or similar
  • Cloud Certifications: AWS Solutions Architect, cloud security certifications, OpenStack, or other relevant cloud certs
  • Endpoint Detection & Response: Endgame, CrowdStrike, Cybereason or similar
  • Email Threat Management: Proofpoint, Mimecast, Microsoft security stack
  • SIEM tools beyond Splunk: Rapid7, Sumo Logic, etc.
  • DLP / CASB tools: Symantec, Microsoft, Bitglass, Netskope
  • Cloud network security tools: Cisco Umbrella, Palo Alto, Zscaler
  • Familiarity with CJIS and other public sector / regulatory security environments

Responsibilities

  • Manage data ingest, index health, and Splunk infrastructure performance
  • Create and tune alerts, correlation searches, dashboards, and executive reports
  • Add/modify Splunk alerts to triage notables using TTPs and threat intelligence
  • Troubleshoot Splunk issues and drive continuous improvement of detections and visibility
  • Design, implement, and manage security controls for public cloud platforms (primarily AWS, with exposure to Azure a plus)
  • Secure AI/ML systems including model dev environments, training pipelines, APIs, and inference services
  • Implement cloud security tooling (e.g., CSPM, CWPP, CIEM, container security, API security)
  • Collaborate with engineering, DevOps, data science, and AI teams to embed security into CI/CD and MLOps workflows (DevSecOps / MLOps)
  • Design and implement security measures to protect cloud-stored data (auth, encryption, ACLs, IDS/IPS, firewalls, etc.)
  • Conduct security architecture reviews, threat modeling, and risk assessments for cloud and AI initiatives
  • Monitor environments for security events, investigate alerts, and support incident response activities
  • Conduct forensic investigations on cyberattacks to determine root cause and future prevention
  • Create, review, and update security policies and standards for public/private/hybrid cloud contexts

Benefits

  • Medical, dental & vision
  • Critical Illness, Accident, and Hospital
  • 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
  • Life Insurance (Voluntary Life & AD&D for the employee and dependents)
  • Short and long-term disability
  • Health Spending Account (HSA)
  • Transportation benefits
  • Employee Assistance Program
  • Time Off/Leave (PTO, Vacation or Sick Leave)
© 2024 Teal Labs, Inc