Splunk Enterprise Security (ES) Consultant - remote

Remote – offsite
Responsibilities

+ Develop custom detection content: correlation searches, notable events, alerts, reports, and visualizations to surface threat activity

+ Build and maintain Splunk Apps and Technology Add-ons (TAs)

+ Onboard new data sources and normalize them to the Common Information Model (CIM)

+ Optimize data flow and ingestion using aggregation, filtering, and pipeline tuning

+ Configure notable event actions, action menus, and Adaptive Responses

+ Tune detections to cut noise and surface what matters, including risk-based alerting where applicable

+ Build dashboards that highlight anomalies, trends, and security and operational metrics

+ Support and optimize large distributed clustered Splunk environments (search heads, indexers, forwarders, deployment servers)

+ Partner with the client's security and SOC team...