Splunk SIEM Engineer
Job Description


At NTT DATA Business Solutions, we drive innovation – from advisory and implementation to managed services and beyond, powered by a global team of over 18,500 experts representing over 90 nations in more than 30 countries. With SAP at our core and a powerful ecosystem of partners like Microsoft and ServiceNow, we continuously improve solutions and AI-driven technology to make them work for companies – and for their people. 

We are part of NTT DATA, a $30+ billion business and technology services, AI and digital infrastructure leader. As a Global Top Employer, NTT DATA serves 75% of the Fortune Global 100 and, with experts in over 70 countries, co-innovates solutions that encourage experimentation and recognize great work. 

With us, you have endless opportunities to think big, act bold and take ownership. Make this the place where you belong, learn, and build your network. 

Make this the place where you grow. 


What makes us special:

■ Team-oriented corporate culture, collaboration as equals and steady knowledge transfer
■ Diversity & Inclusion (e.g. various initiatives & communities)
■ Flexible working hours (e.g. hybrid working)
■ Individually tailored onboarding program including a mentoring program and sustainable career support with our career model
■ Inhouse Academy with a variety of professional technical training, soft skills training, SAP Learning Hub and certification opportunities
■ Company health benefits (e.g. Medical Insurance, Health Insurance, Optical and Dental Benefits)

Key Responsibilities

We are seeking a dedicated Splunk Enterprise Security (ES) Engineer to work closely with the Security Operations Centre (SOC) team. This role is responsible for the design, implementation, optimisation, and day-to-day operation of Splunk ES to support threat detection, investigation, and incident response. The Splunk ES Engineer will act as the technical owner of Splunk ES, ensuring high-quality data onboarding, effective detection content, performant searches, and continuous tuning based on SOC feedback and the evolving threat landscape.

1. Splunk Enterprise Security Platform Ownership

  • Own and manage the Splunk Enterprise Security platform, ensuring availability, performance, and scalability.
  • Configure and maintain ES components including:
    • Correlation searches
    • Risk-Based Alerting (RBA)
    • Notable events
    • Adaptive Response Actions
    • Dashboards and KPIs
  • Perform regular health checks and optimisation of Splunk ES and core Splunk infrastructure.

2. Data Onboarding & Normalisation

  • Lead onboarding of security-relevant data sources (e.g. firewalls, EDR, IAM, servers, cloud platforms, applications).
  • Ensure data quality, timestamp accuracy, CIM compliance, and consistent field extractions.
  • Troubleshoot ingestion, parsing, and indexing issues in collaboration with infrastructure and application teams.

3. Detection Engineering & Use Case Development

  • Develop, customise, and tune detection use cases aligned with SOC requirements, including:
    • Authentication attacks (brute force, credential abuse)
    • Privileged account misuse
    • Malware and endpoint threats
    • Lateral movement and suspicious network activity
    • Data exfiltration and policy violations
  • Implement and mature Risk-Based Alerting to reduce alert fatigue and improve signal-to-noise ratio.
  • Continuously tune correlation searches based on false positives, analyst feedback, and threat intelligence.

4. SOC Enablement & Collaboration

  • Work closely with SOC analysts to support:
    • Alert triage
    • Investigations
    • Incident response workflows
  • Translate SOC detection requirements into effective Splunk ES content.
  • Provide guidance and training to SOC analysts on using Splunk ES for investigations.

5. Automation & Integrations

  • Implement automation and enrichment using:
    • Splunk ES Adaptive Response
    • SOAR or scripting where applicable
  • Integrate Splunk ES with ITSM / ticketing tools and other security platforms.
  • Enable threat intelligence enrichment and contextual data for alerts.

6. Reporting, Metrics & Governance

  • Build and maintain dashboards for:
    • SOC performance metrics (MTTD, MTTR, alert volumes)
    • Detection coverage
    • Risk scores and trends
  • Support audit, compliance, and management reporting by providing evidence and documentation.
  • Maintain documentation for data sources, use cases, and SOC workflows.

Education/Experience/Skills

Technical Skills

  • Strong hands-on experience with Splunk Enterprise Security in a SOC environment.
  • Solid understanding of Splunk core concepts:
    • SPL (Search Processing Language)
    • Indexing, data models, CIM
    • Performance tuning and optimisation
  • Experience onboarding and normalising security log sources.
  • Knowledge of security domains: network security, endpoint security, IAM, operating systems, and cloud security.
  • Familiarity with detection engineering and SOC operations.

Experience

  • 3+ years of hands-on Splunk experience, with at least 2 years focused on Splunk ES.
  • Proven experience supporting or working directly with a SOC team.
  • Experience in incident detection, investigation, and response workflows.

Nice to Have

  • Splunk certifications (e.g. Splunk Core Certified Power User, Enterprise Security Certified Admin).
  • Experience with SOAR platforms and security automation.
  • Knowledge of MITRE ATT&CK framework and threat modelling.
  • Experience operating SIEM in regulated or large enterprise environments.

Personal Attributes

  • Strong analytical and problem-solving skills.
  • Able to work collaboratively with SOC analysts and cross-functional teams.
  • Proactive mindset with a focus on continuous improvement.
  • Clear communicator, able to translate technical concepts to non-technical stakeholders.
  • Willing to work in Cyberjaya, Selangor and able to travel if needed.

Do you have questions?


We look forward to receiving your complete application documents stating your earliest start date.


Get empowered by NTT DATA Business Solutions!


Norshafina Zainuddin
Tel.: 
E-Mail: os-my-hr@bs.nttdata.com


We transform. SAP® solutions into Value


MY, Cyberjaya
Software Development