Splunk SME

Location: ,

Category: Fresher Jobs

- Implement and configure Splunk SIEM solutions tailored to organizational security requirements.
- Onboard diverse log sources into Splunk, ensuring data is parsed and normalized according to the Common Information Model (CIM).
- Develop and maintain data models, field extractions, and event parsing logic.
- Design, develop, and tune detection rules, correlation searches, dashboards, and alerts.
- Continuously optimize content to reduce false positives and improve detection accuracy.
- Monitor and maintain the health, availability, and scalability of the Splunk environment.
- Perform regular platform optimization, including indexing, storage management, and search performance tuning.
- Administer Splunk components (indexers, search heads, forwarders, etc.) and manage upgrades/patches.
- Collaborate with stakeholders to ensure successful delivery of security monitoring capabilities.
- Conduct log source and use case gap analysis to identify coverage gaps and recommend enhancements.
- Work with security teams to develop new use cases aligned with evolving threat landscapes.
