
Line of Service: Advisory
Industry/Sector: Not Applicable
Specialism: Microsoft
Management Level: Associate
Job Description & Summary
At PwC, our people in business application consulting specialise in consulting services for a variety of business applications, helping clients optimise operational efficiency. These individuals analyse client needs, implement software solutions, and provide training and support for seamless integration and utilisation of business applications, enabling clients to achieve their strategic objectives.
As a business application consulting generalist at PwC, you will provide consulting services for a wide range of business applications. You will leverage a broad understanding of various software solutions to assist clients in optimising operational efficiency through analysis, implementation, training, and support.
Why PwC
At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other.
At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.
About the Role
We’re looking for an early-career SIEM Engineer to join our Global SIEM team and help drive the next phase of our security analytics and observability journey. You will be hands-on with Splunk (Enterprise/Cloud/ES) and Cribl (Stream/Edge) to onboard, normalize, and optimize security data, while building and maintaining detections, dashboards, and automations that support our SOC, Threat Hunting, and Incident Response teams.
You’ll thrive here if you enjoy crafting robust data pipelines, writing efficient SPL, applying security frameworks (MITRE ATT&CK, NIST), and continuously improving signal quality and time-to-detect/resolve.
Responsibilities
Platform & Data Engineering
Onboard new log sources (network, endpoint, identity, cloud, SaaS) into Splunk via Cribl (Stream/Edge), ensuring secure, reliable, and cost-optimized ingestion.
Build and manage Cribl pipelines (parsing, shaping, routing, redaction, filtering, sampling) aligned to data retention and ingest budgets.
Implement and maintain Splunk data models, CIM mappings, sourcetypes, index strategies, HEC tokens, and ingestion best practices.
Monitor and optimize search performance (SPL tuning, data model acceleration, summary indexing, KV stores, lookup strategies).
Detection, Content & Operations
Develop, tune, and maintain correlation searches and detections in Splunk Enterprise Security (including Risk-Based Alerting).
Build operational and executive dashboards, reports, and analytics for SOC and leadership stakeholders.
Maintain runbooks, field extractions (regex), data quality checks, and use case documentation.
Security Mindset & Collaboration
Apply MITRE ATT&CK mapping, threat modeling, and basic threat hunting practices to refine use cases and reduce false positives.
Partner closely with SOC Analysts, Threat Hunters, IR, Cloud/SRE, and Application Owners to improve detection coverage and response workflows.
Contribute to purple team exercises and lessons learned to elevate controls and detections.
Required Qualifications
2–3 years of hands-on experience with Splunk (Enterprise/Cloud/ES) in security logging, detection engineering, or SIEM operations.
Working knowledge of Cribl (Stream and/or Edge) for data routing, transformation, and optimization.
Solid SPL skills: joins, stats/timechart, eval, rex, transaction, datamodel, tstats, mstats.
Familiarity with CIM, data models, and security-relevant log sources (EDR, firewall, proxy, DNS, identity, cloud).
Understanding of core security concepts: authentication flows, network fundamentals, common attack techniques, and incident response basics.
Experience with Linux fundamentals, Git-based content management, and scripting for automation (bash or Python preferred).
Strong communication, documentation, and cross-time-zone collaboration skills.
Preferred Certifications (one or more)
Equivalent or higher-level credentials are welcome.
Splunk
Splunk Core Certified Power User
Splunk Core Certified Admin
Splunk Enterprise Security Certified Admin (nice to have)
Splunk Cloud Admin (nice to have)
Cribl
Cribl Certified Observability Engineer (CCOE) – Stream
Cribl Certified Observability Engineer – Edge (nice to have)
Security
Security+, CySA+, or GSEC (or equivalent)
Familiarity with MITRE ATT&CK, NIST CSF/800-53, ISO 27001
Nice-to-Have Skills
Experience with risk-based alerting, entity analytics/UEBA, or threat hunting content.
Cloud and SaaS logging: AWS (CloudTrail/GuardDuty/S3), Azure (Event Hub/Graph/Defender), GCP (Audit/Cloud Logging), Okta, M365 (Graph/Security Center).
Observability crossover: metrics/logs/traces, OpenTelemetry, S3/object storage targets, syslog/TLS, HEC, Kafka.
Familiarity with SOAR (e.g., Splunk SOAR) for playbooks and enrichment automation.
Knowledge of regex, YAML/JSON pipelines, and API-based integrations.
Exposure to compliance/reporting (PCI-DSS, ISO 27001, SOC2).
Success Metrics (What Good Looks Like)
Time-to-Onboard: new data sources onboarded while meeting quality and CIM standards.
Signal Quality: reduction in false positives; improved precision/recall of detections.
Performance & Cost: search latency improvements, efficient data model usage, and optimized ingest/storage.
Operational Excellence: documented runbooks, reliable handoffs, and on-time closure of engineering backlog.
Stakeholder Satisfaction: positive feedback from SOC/IR and platform owners.
Mandatory skill sets: Platform & Data Engineering
• Onboard new log sources (network, endpoint, identity, cloud, SaaS) into Splunk via Cribl (Stream/Edge), ensuring secure, reliable, and cost-optimized ingestion.
• Build and manage Cribl pipelines (parsing, shaping, routing, redaction, filtering, sampling) aligned to data retention and ingest budgets.
• Implement and maintain Splunk data models, CIM mappings, sourcetypes, index strategies, HEC tokens, and ingestion best practices.
• Monitor and optimize search performance (SPL tuning, data model acceleration, summary indexing, KV stores, lookup strategies).
Preferred skill sets:
• Develop, tune, and maintain correlation searches and detections in Splunk Enterprise Security (including Risk-Based Alerting).
• Build operational and executive dashboards, reports, and analytics for SOC and leadership stakeholders.
• Maintain runbooks, field extractions (regex), data quality checks, and use case documentation.
Years of experience required: 2 to 5 Years
Education Qualification: B.E. / B.Tech / MBA. All qualifications should be in regular full-time mode with no extension of course duration due to backlogs.
Splunk
• Splunk Core Certified Power User
• Splunk Core Certified Admin
• Splunk Enterprise Security Certified Admin (nice to have)
• Splunk Cloud Admin (nice to have)
Cribl
• Cribl Certified Observability Engineer (CCOE) – Stream
• Cribl Certified Observability Engineer – Edge (nice to have)
Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required: Bachelor of Engineering, Master of Business Administration
Degrees/Field of Study preferred:
Certifications (if blank, certifications not specified)
Required Skills
SIEM Tools
Optional Skills
Accepting Feedback, Active Listening, Analytical Reasoning, Application Software, Business Data Analytics, Business Management, Business Technology, Business Transformation, Communication, Documentation Development, Emotional Regulation, Empathy, Implementation Research, Implementation Support, Implementing Technology, Inclusion, Intellectual Curiosity, Optimism, Performance Assessment, Performance Management Software, Problem Solving, Product Management, Product Operations, Project Delivery
Desired Languages (If blank, desired languages not specified)
Travel Requirements
Available for Work Visa Sponsorship?
Government Clearance Required?
Job Posting End Date
April 14, 2026

At PwC, we help clients drive their companies to the leading edge. We’re a tech-forward, people-empowered network with more than 370,000 people in 149 countries. Across audit and assurance, tax and legal, deals and consulting we help build, accelerate and sustain momentum. Find out more at www.pwc.com.
PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Content on this page has been prepared for general information only and is not intended to be relied upon as accounting, tax or professional advice. Please reach out to your advisors for specific advice.