This role sits within Cognizant's strategic engagement with one of the world's foremost enterprise security and observability companies. You will work on complex enterprise SIEM environments, contributing directly to detection engineering and security platform operations at a global scale.
About the Role
We are seeking a Splunk Enterprise Security Engineer to investigate and resolve complex issues across our enterprise SIEM environment. This role requires deep hands-on expertise in Splunk ES, advanced SPL, and a strong security mindset to maintain detection accuracy, reduce false positives, and ensure platform reliability.
What You Will Do
Investigate and resolve complex issues including correlation search failures, missing or delayed notable events, Risk-Based Alerting (RBA) anomalies, and data model acceleration issues
Diagnose performance issues impacting dashboards, scheduled searches, and notable event generation
Utilise advanced SPL to trace the full detection lifecycle: raw data ingestion → CIM normalisation → data models → correlation searches → notable events
Optimise searches using tstats and data model acceleration to improve detection accuracy and efficiency
Manage and optimise CIM compliance, data model acceleration, and summaries
Ensure correct data mapping, field extraction, and normalisation
Design, troubleshoot, and optimise correlation searches, risk rules, and scoring mechanisms
Investigate and resolve Search Head Cluster issues including captain election problems, configuration sync failures, and knowledge bundle replication delays
Monitor and tune scheduler performance to avoid skipped searches and prevent resource contention
What You Bring
Strong hands-on Splunk Enterprise Security experience
Experience in large-scale enterprise SIEM deployments
Expertise in Advanced SPL, Data Model Acceleration, CIM, and correlation searches
Knowledge of RBA, Search Head Clustering, tstats, and scheduler tuning
Understanding of security frameworks and compliance standards
Networking fundamentals (TCP/IP, DNS, HTTP/S)
Technical Skills
Splunk ES · Advanced SPL · SHC · CIM · tstats · RBA · AWS/Azure/GCP · JIRA · Git