We are seeking an experienced Splunk Subject Matter Expert to lead the design, implementation, and optimization of Splunk solutions across security operations and observability domains. This role serves as the technical authority on Splunk architecture, driving enterprise-wide deployments for security monitoring, threat detection, and comprehensive observability across hybrid and multi-cloud environments.
Design and implement Splunk Enterprise Security (ES) deployments including correlation searches, notable event management, risk-based alerting, and threat intelligence framework integration
Develop and optimize security use cases covering MITRE ATT&CK tactics, insider threat detection, anomaly detection, and APT hunting
Build Splunk SOAR playbooks for security orchestration, automated response workflows, and cross-platform integrations
Implement Splunk User Behavior Analytics (UBA) to detect insider threats, compromised credentials, and behavioral anomalies
Architect and deploy Splunk Observability Cloud solutions including Infrastructure Monitoring, APM, RUM, and Log Observer
Implement OpenTelemetry instrumentation for distributed tracing, metrics, and correlation across microservices
Build synthetic monitoring and alerting strategies for proactive detection of performance and availability issues
Integrate diverse data sources across AWS, Azure, GCP, EDR tools, firewalls, IDS/IPS, network devices, applications, and databases
Design API integrations, webhook configurations, and custom scripted inputs for specialized collection needs
Implement the Splunk HTTP Event Collector (HEC) with load balancing, TLS encryption, and token governance (per-source tokens, index restrictions, and rotation)
Develop custom technology add-ons (TAs) and applications to extend Splunk capabilities
Lead technical discovery workshops and design target-state Splunk architectures
Develop architecture diagrams, implementation guides, runbooks, and knowledge transfer materials
Provide mentorship on Splunk administration, SPL optimization, dashboards, and alerts
Manage POCs and pilots demonstrating Splunk’s value across security and observability
Serve as escalation point for complex technical and architectural issues
7–10 years of experience with Splunk Enterprise, including 3+ years in architect or senior admin roles
Deep expertise in Splunk Enterprise Security and SOC solution design
Strong experience with Splunk Observability Cloud including APM, Infra Monitoring, and RUM
Advanced SPL skills including optimized queries, regex, field extraction, and CIM mapping
Experience with Splunk SOAR automation and orchestration
Strong understanding of MITRE ATT&CK, NIST CSF, and Cyber Kill Chain methodologies
Experience with PCI DSS, HIPAA, GDPR, SOC 2, and ISO 27001 compliance monitoring
Knowledge of threat intelligence platforms, IOC management, and threat hunting
Experience with AWS, Azure, GCP native logging, security monitoring, and cost optimization
Understanding of Docker, Kubernetes, microservices, and cloud-native observability
Knowledge of networking concepts, firewalls, proxies, IDS/IPS, VPNs, zero-trust architecture
Familiarity with CI/CD, Terraform, CloudFormation, and DevOps practices
Proficiency in Python for automation, API integrations, and Splunk app development
Experience with Bash or PowerShell for automation and data collection
Understanding of REST APIs, JSON/XML, and web technologies
Splunk Enterprise Certified Architect or Splunk Enterprise Security Certified Admin
Certifications such as CISSP, GCIA, GCIH, GCFA
Experience with Splunk MLTK for anomaly detection and predictive analytics
Experience with managed Splunk services and 24x7 operations
Knowledge of Datadog, New Relic, or Dynatrace
Experience with OT/IoT security monitoring
Excellent communication skills and ability to translate technical concepts for business stakeholders
Strong analytical and problem-solving abilities
Ability to manage multiple concurrent client engagements
Independent working style with effective collaboration across distributed teams
Customer-focused mindset with a commitment to quality
At Zensar, we're "experience-led everything." We are committed to conceptualizing, designing, engineering, marketing, and managing digital solutions and experiences for over 130 leading enterprises. We are a company driven by a bold purpose: Together, we shape experiences for better futures. Whether for our clients, our people, or the world around us, this belief powers everything we do. At the heart of our culture is ONE with Client, a set of four core values that reflect who we are and how we work: One Zensar, Nurturing, Empowering, and Client Focus.
Part of the $4.8 billion RPG Group, we’re a community of 10,000+ innovators across 30+ global locations, including Milpitas, Seattle, Princeton, Cape Town, London, Zurich, Singapore, and Mexico City. Explore Life at Zensar and join us to Grow. Own. Achieve. Learn. to be the best version of yourself.
We believe the best work happens when individuality is celebrated, growth is encouraged, and well-being is prioritized. We are an equal employment opportunity (EEO) and affirmative action employer, committed to creating an inclusive workplace. All qualified applicants will be considered without regard to race, creed, color, ancestry, religion, sex, national origin, citizenship, age, sexual orientation, gender identity, disability, marital status, family medical leave status, or protected veteran status.

Zensar stands out as a premier technology consulting and services company, embracing an ‘experience-led everything’ philosophy. We are creators, thinkers, and problem solvers passionate about designing digital experiences that are engineered into scale-ready products, services, and solutions to deliver superior engagement to high-growth companies. This full lifecycle capability – from experience to engineering to engagement – is what makes us unique. This integrated approach also means that we harness the power of technology, creativity, and insight to deliver impact — ensuring our work focuses not just on technology but also on the people who use it.
Part of the $4.4 billion RPG Group, Zensar is headquartered in Pune, India. Our 10,000+ employees work across 30+ locations worldwide, including Seattle, Princeton, Cape Town, London, Singapore, and Mexico City. As an organization, we are diverse and multi-dimensional and unite across geographies and skill sets to deliver products and services that are value-driven, environmentally conscious, and human-centered.
To know more, visit us at www.zensar.com.