Splunk Engineer (Remote)

Splunk Engineer

Are you passionate about building scalable security monitoring solutions, optimizing log pipelines, and ensuring organizations have the visibility they need to detect threats effectively? If you thrive in an environment where data quality, security operations, and platform engineering come together, then Payatu is the place for you. We are always on the lookout for talented individuals to expand our renowned Bandit family at Payatu.

Who We Are

Payatu is an ISO9001:27001 certified company focused on driving excellence, growth, and innovation to make the cyberworld safe for every organization, product, and individual. We are a dedicated team of experts at Payatu, specializing in providing cybersecurity solutions. As we continue to expand, we are looking for a candidate who will help build and enhance security monitoring capabilities through robust log management, data onboarding, and SIEM engineering.

Key Responsibilities

• Design, implement, and maintain Splunk infrastructure and data ingestion pipelines.
• Onboard and normalize log sources using Splunk Common Information Models (CIM).
• Configure and manage Splunk Forwarders, HEC inputs, API integrations, and data collection mechanisms.
• Develop and maintain dashboards for monitoring log quality, ingestion health, and platform performance.
• Support Detection Engineering teams by ensuring high-quality and detection-ready telemetry.
• Deploy, tune, and maintain Splunk Enterprise Security correlation searches and detection content.
• Implement and optimize Risk-Based Alerting (RBA) to improve detection effectiveness and reduce alert fatigue.
• Manage index retention, storage optimization, and data lifecycle management.
• Troubleshoot and resolve data ingestion, parsing, and pipeline-related issues.
• Collaborate with security, engineering, and operations teams to improve visibility and monitoring capabilities.

You Are a Perfect Technical Fit If You Have

• 3+ years of experience working with Splunk Administration, Engineering, or SIEM Operations.
• Strong knowledge of SPL (Search Processing Language) and query optimization.
• Hands-on experience with Splunk Enterprise Security (ES).
• Experience onboarding and normalizing data sources using CIM.
• Knowledge of Splunk Forwarders, HEC, API-based integrations, and data ingestion best practices.
• Experience managing indexes, retention policies, and storage optimization.
• Understanding of security operations, threat detection, and monitoring workflows.
• Strong troubleshooting and problem-solving abilities.
• Excellent communication and collaboration skills.

Good to Have

• Experience implementing Risk-Based Alerting (RBA).
• Knowledge of Splunk ESCU detection content and security use cases.
• Familiarity with MITRE ATT&CK Framework and security monitoring concepts.
• Experience with CrowdStrike Falcon, Microsoft Defender, Entra ID, or other security telemetry sources.
• Scripting experience using Python for automation and integrations.
• Splunk certifications such as Splunk Core Certified Power User, Splunk Enterprise Certified Admin, or higher.
• Experience working with Splunk Cloud environments.