🍁 SearchCanadaJobs.com

Splunk Engineer

Company

XPT Software Australia Pty Ltd

Location

Australia, New South Wales

Type

Full-time

Key Responsibilities

  • Administer and maintain Splunk Enterprise Security (ES) environment
  • Manage index lifecycle, retention policies, and storage optimization
  • Develop, optimize, and maintain correlation searches and use cases
  • Align detections with frameworks like MITRE ATT&CK
  • Create and enhance Splunk dashboards, reports, and alerts
  • Integrate new log sources and data inputs (cloud, network, endpoint, apps)
  • Normalize and onboard logs using CIM (Common Information Model)
  • Tune data models, tags, and event types
  • Provide advanced support for incident investigations escalated from L1...
