Splunk Enterprise Security Engineer
Job Description


At NTT DATA Business Solutions, we drive innovation – from advisory and implementation to managed services and beyond, powered by a global team of over 18,500 experts representing over 90 nations in more than 30 countries. With SAP at our core and a powerful ecosystem of partners like Microsoft and ServiceNow, we continuously improve solutions and AI-driven technology to make them work for companies – and for their people. 

We are part of NTT DATA, a $30+ billion business and technology services, AI and digital infrastructure leader. As a Global Top Employer, NTT DATA serves 75% of the Fortune Global 100 and, with experts in over 70 countries, co-innovates solutions that encourage experimentation and recognize great work. 

With us, you have endless opportunities to think big, act bold and take ownership. Make this the place where you belong, learn, and build your network. 

Make this the place where you grow. 


What makes us special:

What makes us special:

■ Team-oriented corporate culture, collaboration as equals and steady knowledge transfer
■ Diversity & Inclusion (e.g. various initiatives & communities)
■ Flexible working hours, (e.g. hybrid working)
■ Inhouse Academy with a variety of professional technical training, soft skills training, SAP Learning Hub and certification opportunities
■ Company health benefits (e.g. Health Insurance, Optical, Dental and Medical checkup benefits)

We are seeking a highly technical Splunk Enterprise Security (ES) Engineer who possesses strong hands-on expertise in both Splunk Enterprise and Splunk Enterprise Security (ES).

This role is ideal for candidates who have experience managing enterprise-scale Splunk environments and developing SIEM capabilities that support Security Operations Centre (SOC) teams. The successful candidate will act as the technical owner of the Splunk platform, driving platform stability, data quality, detection engineering, and continuous security monitoring improvements.

1.Splunk Enterprise Security Platform Ownership

  • Own and manage the Splunk Enterprise Security platform, ensuring availability, performance, and scalability.
      • Configure and maintain ES components including:
      • Correlation searches
      • Risk‑Based Alerting (RBA)
      • Notable events
      • Adaptive Response Actions
      • Dashboards and KPIs
      • Perform regular health checks and optimisation of Splunk ES and core Splunk infrastructure.

2. Data Onboarding & Normalisation

  • Lead onboarding of security‑relevant data sources (e.g. firewalls, EDR, IAM, servers, cloud platforms, applications).
  • Ensure data quality, timestamp accuracy, CIM compliance, and consistent field extractions.
  • Troubleshoot ingestion, parsing, and indexing issues in collaboration with infrastructure and application teams.

3. Detection Engineering & Use Case Development

  • Develop, customise, and tune detection use cases aligned with SOC requirements, including:
      • Authentication attacks (brute force, credential abuse)
      • Privileged account misuse
      • Malware and endpoint threats
      • Lateral movement and suspicious network activity
      • Data exfiltration and policy violations
      • Implement and mature Risk‑Based Alerting to reduce alert fatigue and improve signal‑to‑noise ratio.
      • Continuously tune correlation searches based on false positives, analyst feedback, and threat intelligence.

4. SOC Enablement & Collaboration

  • Work closely with SOC analysts to support:
      • Alert triage
      • Investigations
      • Incident response workflows
  • Translate SOC detection requirements into effective Splunk ES content.
  • Provide guidance and training to SOC analysts on using Splunk ES for investigations.

5. Automation & Integrations

  • Implement automation and enrichment using:
      • Splunk ES Adaptive Response
      • SOAR or scripting where applicable
  • Integrate Splunk ES with ITSM / ticketing tools and other security platforms.
  • Enable threat intelligence enrichment and contextual data for alerts.

6. Reporting, Metrics & Governance

  • Build and maintain dashboards for:
      • SOC performance metrics (MTTD, MTTR, alert volumes)
      • Detection coverage
      • Risk scores and trends
  • Support audit, compliance, and management reporting by providing evidence and documentation.
  • Maintain documentation for data sources, use cases, and SOC workflows.

Education/Experience/Skills

Technical Skills

  • Strong hands-on experience administering and supporting Splunk Enterprise and Splunk Enterprise Security (ES) in enterprise environments
  • Proven expertise in deploying, configuring, maintaining, and troubleshooting Splunk infrastructure, including:
    • Search Heads
    • Indexers
    • Heavy Forwarders
    • Universal Forwarders
    • Deployment Servers
    • Clustered Splunk environment
  • Experience performing Splunk platform upgrades, migrations, health checks, performance tuning, and capacity optimization.
  • Strong understanding of Splunk core technologies, including:
    •  SPL (Search Processing Language
    • Indexing and search optimization
    • Data Models
    • Common Information Model (CIM)
    • Knowledge Objects (Lookups, Macros, Event Types, Tags, Calculated Fields)
    • Hands-on experience with log collection, forwarding, and data onboarding from multiple technology domains, including security, infrastructure, application, cloud, and identity platforms.
    • Strong troubleshooting skills across the full data pipeline, including data ingestion, parsing, field extractions, timestamping, normalization, indexing, and search performance issues.
    • Experience developing and maintaining Splunk dashboards, reports, visualizations, and operational KPIs.
  • Strong hands-on experience with Splunk Enterprise Security components, including:
    • Correlation Searches
    • Risk-Based Alerting (RBA)
    • Notable Events
    • Adaptive Response Actions
    • Security Content Management
    • Dashboards and Security Monitoring
  • Experience onboarding and normalizing security data sources to CIM standards.
  • Experience designing, developing, tuning, and maintaining SIEM detection use cases aligned to SOC requirements.
  • Knowledge of network security, endpoint security, IAM, operating systems, cloud security, and threat detection methodologies.

Experience

  • Minimum 3 years of hands-on experience with Splunk Enterprise, including platform administration, deployment, upgrades, troubleshooting, and operational support.
  • Minimum 2 years of hands-on experience with Splunk Enterprise Security (ES) supporting enterprise security monitoring and detection engineering activities.
  • Proven experience managing and supporting production Splunk environments, ensuring platform availability, performance, scalability, and reliability.
  • Demonstrated experience onboarding and integrating security data sources into Splunk and Splunk Enterprise Security, including troubleshooting ingestion, parsing, normalization, and CIM compliance issues.
  • Experience developing, customizing, and tuning SIEM detection content, including:
    • Correlation Searches
    • Risk-Based Alerting (RBA)
    • Notable Events
    • Threat Detection Use Cases
  • Experience implementing detection use cases covering areas such as:
    • Authentication attacks
    • Privileged account misuse
    • Endpoint and malware threats
    • Suspicious network activity and lateral movement
    • Data exfiltration and policy violations
  • Experience working closely with SOC teams to improve threat detection capabilities, reduce false positives, and enhance the overall effectiveness of security monitoring.
  • Experience supporting incident detection, investigation, and response activities through effective use of Splunk Enterprise Security.
  • Experience conducting platform health checks, performance optimization, and continuous improvement of Splunk and Splunk ES environments.
  • Experience collaborating with infrastructure, application, and security teams to resolve technical issues and onboard new log sources.

Nice to Have

•    Splunk certifications (e.g. Splunk Core Certified Power User, Enterprise Security Certified Admin). 
•    Experience with SOAR platforms and security automation. 
•    Knowledge of MITRE ATT&CK framework and threat modelling. 
•    Experience operating SIEM in regulated or large enterprise environments. 

Personal Attributes

•    Strong analytical and problem-solving skills. 
•    Able to work collaboratively with SOC analysts and cross-functional teams. 
•    Proactive mindset with a focus on continuous improvement. 
•    Clear communicator, able to translate technical concepts to non-technical stakeholders. 
•    Willing to work in Cyberjaya, Selangor and able to travel if needed. 

 

 

 

Do you have questions?


We look forward to receiving your complete application documents stating your earliest start date.


Get empowered by NTT DATA Business Solutions!

 

Norshafina Zainuddin
Tel.: 
E-Mail: os-my-hr@bs.nttdata.com

 

We transform. SAP® solutions into Value

 

 

MY, Cyberjaya
Software Development