Job Title:
Senior SIEM & SOAR Expert – Splunk Cloud
Company: Diligente Technologies
Location: Tirunelveli, Tamil nadu
Created: 2026-04-26
Job Type: Full Time
Job Description:
Title: Senior SIEM & SOAR Expert – Splunk Cloud
Location: Noida/Bangalore/Remote
Duration: Contract

We are seeking a highly experienced SIEM & SOAR expert to lead our transition from Devo to Splunk Cloud and own the end-to-end SIEM lifecycle. This role requires deep expertise in Splunk infrastructure, data onboarding, parsing, noise reduction, and use case engineering, with a strong focus on security outcomes, scalability, and operational efficiency.

Key Responsibilities

Splunk Architecture & Operations
- Design, implement, and manage Splunk Cloud architecture, ensuring scalability, performance, and high availability
- Own Splunk infra components including data pipelines, index management, retention, and cost optimization
- Act as the technical authority for Splunk platform governance and best practices

Data Ingestion & Normalization
- Lead onboarding of diverse log sources (security, infra, cloud, SaaS, endpoints, IAM, network)
- Build and optimize parsing, field extractions, CIM compliance, and data normalization
- Ensure high data quality, reliability, and consistency across sources

Noise Reduction & Signal Optimization
- Drive alert noise compression, deduplication, and tuning strategies
- Optimize correlation logic to improve signal-to-noise ratio and SOC efficiency
- Continuously refine detections based on threat trends and operational feedback

Use Case & Detection Engineering
- Design and implement high-fidelity security use cases mapped to MITRE ATT&CK
- Build advanced correlation searches, dashboards, reports, and KPIs
- Partner with SOC and IR teams to operationalize detections and response workflows

SOAR Integration & Automation
- Integrate Splunk with SOAR platforms to enable automated triage and response
- Design playbooks for common security incidents to reduce MTTR
- Collaborate with security, infra, and app teams to drive automation adoption

Migration & Stakeholder Leadership
- Lead SIEM migration strategy from Devo to Splunk Cloud
- Provide technical leadership, documentation, and mentoring
- Engage with stakeholders, vendors, and leadership to align SIEM strategy with business risk

Required Experience & Skills
- 10+ years of hands-on experience in SIEM engineering and operations
- Deep expertise in Splunk Cloud (architecture, administration, tuning, and optimization)
- Strong experience with data ingestion, parsing, field extraction, and CIM
- Proven ability in noise reduction, alert tuning, and use case engineering
- Hands-on experience with SOAR tools and security automation
- Strong understanding of security operations, threat detection, and incident response
- Experience working in large-scale enterprise environments

Education
- Bachelor's degree (B.Tech / B.E) in Computer Science, Information Technology, Cybersecurity, or a related field