This role leads Cognizant's Splunk Enterprise Security delivery within a flagship engagement with one of the world's foremost enterprise security and observability companies. You will hold a senior position with direct client visibility and significant influence over detection engineering and platform strategy.
About the Role
We are looking for a Principal Technical Lead for Splunk Enterprise Security to own critical escalations, drive detection engineering excellence, and lead a team of senior engineers. This is a high-impact role combining deep technical depth with customer engagement and strategic leadership.
What You Will Do
Lead resolution of critical Splunk ES escalations with full end-to-end ownership
Provide hands-on support to Senior Engineers and Technical Leads for complex issues including correlation search failures, RBA anomalies, data model issues, and search performance
Engage directly with customers to drive resolution and maintain confidence during high-severity incidents
Validate RCA findings and recommend preventive and long-term solutions
Oversee correlation searches, detection logic, data model acceleration, and Splunk ES optimisation
Validate Splunk ES product updates and patches; assess impact on detection use cases and platform stability
Drive security monitoring strategy improvements and threat detection enhancements
Revise and update technical training programs based on product changes and RCA insights
Mentor engineers and drive a culture of technical excellence and continuous improvement
What You Bring
Deep expertise in Advanced SPL, cloud platforms (AWS/Azure/GCP), and Python/Shell scripting
Strong escalation ownership, stakeholder management, and customer communication skills
Proven experience in a technical leadership or managerial role
Certifications (Preferred)
Splunk Certified Admin
Splunk Enterprise Security Certified Admin (Legacy preferred)