**Introduction** Information and Data are some of the most important organisational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analysing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organisation with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world. **Your role and responsibilities** Job Role and Responsibility: As a Senior Splunk Cybersecurity Specialist, you will be responsible for the overall health, performance, and strategic utilization of our Splunk platform. You will lead initiatives to onboard new data sources, develop advanced security dashboards and alerts, and provide expert guidance on leveraging Splunk for threat hunting, incident analysis, and compliance reporting. Your leadership will be key in shaping our Splunk roadmap and ensuring it aligns with our evolving security needs. Responsibilities and Duties: · Design, implement, and maintain a scalable and highly available Splunk infrastructure. · Onboard and normalize diverse data sources into Splunk, ensuring data integrity and accuracy. · Develop and optimize complex Splunk search queries, dashboards, alerts, and reports to provide actionable security insights. · Create and maintain Splunk security content, including correlation rules, threat intelligence integrations, and anomaly detection logic. · Perform advanced threat hunting and incident analysis using Splunk. · Collaborate with security analysts and incident responders to provide Splunk expertise during investigations. · Develop and maintain comprehensive documentation for the Splunk environment and its configurations. · Stay up-to-date with the latest Splunk features, security trends, and best practices. · Provide mentorship and guidance to junior team members on Splunk-related tasks. · Contribute to the development and implementation of security policies and procedures. · Participate in security architecture reviews and provide input on Splunk integration with other security tools. · Troubleshoot and resolve Splunk performance and operational issues. Contribute to compliance efforts by developing and maintaining Splunk-based reports and audit trails. **Required technical and professional expertise** Required Professional and Technical Expertise: · Proven experience (typically 5+ years) in a cybersecurity role with a strong focus on Splunk administration and engineering. · Deep understanding of Splunk architecture, components, and best practices for deployment and maintenance. · Proficiency in developing complex Splunk search processing language (SPL) queries, dashboards, and visualizations. · Experience with Splunk Enterprise Security (ES) and its correlation rules, risk framework, and notable events. · Solid understanding of security concepts, frameworks (e.g., MITRE ATT&CK), and common attack vectors. · Experience onboarding and troubleshooting various data sources, including security logs, network traffic, and system metrics. · Familiarity with scripting languages such as Python or Bash for automation and integration with Splunk. · Strong analytical and problem-solving skills with the ability to interpret security data and identify trends. · Excellent communication and collaboration skills with the ability to effectively communicate technical information to both technical and non-technical audiences. · Technical security documentation and business writing skills **Preferred technical and professional experience** Preferred Professional and Technical Expertise: · Splunk certifications (e.g., Splunk Certified Architect, Splunk Certified Security Analyst). · Experience with Splunk User Behavior Analytics (UBA). · Knowledge of cloud platforms (e.g., AWS, Azure, GCP) and their security logging capabilities. · Experience with SOAR (Security Orchestration, Automation and Response) platforms and their integration with Splunk. · Familiarity with threat intelligence platforms and their integration with Splunk. · Experience with data modeling and normalization techniques. · Knowledge of regulatory compliance standards (e.g., ISO 27001, PCI DSS, GDPR). · Experience in developing custom Splunk apps and add-ons. IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.