About Persistent
We are an AI-led, platform-driven Digital Engineering and Enterprise Modernization partner, combining deep technical expertise and industry experience to help our clients anticipate what's next. Our offerings and proven solutions create a unique competitive advantage for our clients by giving them the power to see beyond and rise above. We work with many industry-leading organizations across the world, including 20 Fortune 50 companies and 4 of the 5 top banks in both the US and India, and numerous innovators across the healthcare ecosystem.
Our disruptor's mindset, commitment to client success, and agility to thrive in the dynamic environment have enabled us to sustain our growth momentum. Persistent has been recognized across top industry platforms for innovation, leadership, and inclusion. We reported $1,654.4M FY26 revenue with 17.4% Y-o-Y growth. We have delivered 24 sequential quarters of growth with $436.0M in Q4 FY26 revenue, up 3.2% Q-o-Q and 16.2% Y-o-Y. Our 27,500+ global team members, located in 18 countries, have been instrumental in helping market leaders transform their industries. We have been recognized as the Fastest Growing IT Services Brand Globally in the 2026 Brand Finance IT Services 25 Report. We were named a Leader in the Everest Group Private Equity (PE) Services PEAK Matrix® Assessment 2026 and Software Product Engineering PEAK Matrix® Assessment 2026.
About Position:
The Splunk SIEM Administrator / Content Engineering SME will be responsible for the design, administration, optimization, and continuous improvement of Splunk-based SIEM platforms supporting enterprise SOC operations. This role combines deep Splunk administration expertise with advanced detection engineering and use case development capabilities, ensuring high-quality security monitoring, threat detection, and incident response enablement. The candidate will act as a technical SME, supporting SOC teams, improving detection fidelity, reducing false positives, and ensuring the SIEM platform operates at scale with high availability, performance, and compliance.
Role: Security Analyst
Location: Pune
Experience: Between 5 to 8 Years
Job Type: Full Time Employment
What You'll Do:
Splunk SIEM Administration
- Administer and maintain enterprise-scale Splunk SIEM infrastructure, including:
  - Indexers, Search Heads, Cluster Masters, Deployment Servers, and Forwarders
- Ensure high availability, scalability, and performance tuning of Splunk environments.
- Perform capacity planning, indexing optimization, license monitoring, and data retention management.
- Manage onboarding of log sources across security, infrastructure, application, cloud, and endpoint platforms.
- Troubleshoot Splunk performance issues, ingestion delays, parsing errors, and search inefficiencies.
- Implement Splunk upgrades, patches, and configuration changes in line with change management processes.
- Ensure secure Splunk operations, including role-based access controls and data integrity.
SIEM Content Engineering & Detection Development
- Design, develop, and maintain SIEM detection content, including:
  - Correlation searches
  - Alerts
  - Risk-based alerts (RBA)
  - Dashboards and reports
- Create and fine-tune security use cases aligned to threat models such as MITRE ATT&CK.
- Optimize existing detection rules to:
  - Reduce false positives
  - Improve signal-to-noise ratio
  - Enhance SOC analyst efficiency
- Develop advanced SPL queries for threat detection, investigations, and hunting use cases.
- Support onboarding and normalization of data models using CIM (Common Information Model).
SOC Enablement & Incident Support
- Act as an SME for SOC analysts, providing L3 support for:
  - SIEM-related incidents
  - Alert logic clarification
  - Detection improvements
- Support incident investigations by developing ad-hoc queries and forensic searches.
- Collaborate with SOC, IR, Threat Intelligence, and Vulnerability Management teams to enhance detection coverage.
- Provide guidance on detection gaps and recommend new use cases based on emerging threats.
Monitoring, Reporting & Compliance
- Develop operational and executive dashboards for:
  - SOC performance metrics
  - Alert trends
  - Detection coverage
- Support compliance and audit requirements by providing SIEM evidence, reports, and data extracts.
- Ensure SIEM content and operations align with internal security policies and regulatory requirements.
Continuous Improvement & Leadership
- Continuously assess SIEM maturity and recommend enhancements in:
  - Detection logic
  - Architecture
  - Data onboarding strategy
- Mentor junior SIEM engineers and SOC analysts on Splunk and detection engineering best practices.
- Participate in security reviews, tabletop exercises, and purple team initiatives.
- Stay current with Splunk product updates, security threats, and detection engineering trends.
Key Deliverables
- Stable and optimized Splunk SIEM platform with high availability and performance
- High-quality detection content with measurable reduction in false positives
- New and enhanced security use cases aligned to the threat landscape
- SOC dashboards and actionable reports
- SIEM documentation, runbooks, and operational guides
- Audit-ready evidence and compliance reports
Expertise You'll Bring:
Technical Skills
- 10-12 years of experience in SOC and SIEM operations
- Hands-on expertise in Splunk Enterprise / Splunk ES administration
- Strong proficiency in SPL (Search Processing Language)
- Experience with:
  - Splunk ES
  - CIM data models
  - Risk-based alerting
  - Log onboarding and normalization
- Solid understanding of:
  - Network, endpoint, cloud, and application security logs
  - Incident response and SOC workflows
- Familiarity with MITRE ATT&CK, threat detection, and security analytics
Certifications (Mandatory)
- Splunk Certified Power User / Admin / Architect / ES Certified (at least one required)
- Experience working in large enterprise or MSSP SOC environments
- Exposure to cloud security logging (AWS, Azure, GCP)
- Knowledge of SOAR integrations and automation use cases
- Certifications such as GCED, GCIA, GCIH, or equivalent (nice to have)
Work Model & Location
- Work From Office (WFO), Pune
Education: Bachelor's or Master's degree in Computer Science, Engineering, or a related field.
Benefits:
- Competitive salary and benefits package
- Culture focused on talent development with quarterly growth opportunities and company-sponsored higher education and certifications
- Opportunity to work with cutting-edge technologies
- Employee engagement initiatives such as project parties, flexible work hours, and Long Service awards
- Annual health check-ups
- Insurance coverage: group term life, personal accident, and Mediclaim hospitalization for self, spouse, two children, and parents
Values-Driven, People-Centric & Inclusive Work Environment:
Persistent is dedicated to fostering diversity and inclusion in the workplace. We invite applications from all qualified individuals, including those with disabilities, and regardless of gender or gender preference. We welcome diverse candidates from all backgrounds.
- We support hybrid work and flexible hours to fit diverse lifestyles.
- Our office is accessibility-friendly, with ergonomic setups and assistive technologies to support employees with physical disabilities.
- If you are a person with disabilities and have specific requirements, please inform us during the application process or at any time during your employment.
Let's unleash your full potential at Persistent - persistent.com/careers
"Persistent is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind."