
Principal Splunk Threat Detection & Integration Engineer

Jobgether US


No Relocation

Posted: May 4, 2026


Job Description
  • This position is posted by Jobgether on behalf of a partner company. We are currently looking for a Principal Splunk Threat Detection & Integration Engineer in the United States. This is a senior-level, hands-on engineering role focused on building, scaling, and optimizing advanced threat detection capabilities within a Splunk Enterprise Security environment. The position plays a critical part in strengthening an organization’s cybersecurity posture by designing sophisticated detection logic, integrating diverse security data sources, and operationalizing risk-based alerting at scale. You will serve as a technical authority for complex cross-domain detection challenges across cloud, identity, endpoint, and network environments. This role requires deep expertise in Splunk engineering, security data modeling, and automation, along with the ability to drive detection strategy rather than simply execute tasks. You will also mentor other engineers and help establish best practices across detection development and lifecycle management. This is a high-impact role for someone who thrives in deep technical ownership within a fast-moving security operations environment.
  • Accountabilities:
    • Own the full Splunk Enterprise Security detection content lifecycle, including design, development, validation, deployment, tuning, and decommissioning.
    • Architect and optimize Risk-Based Alerting (RBA) frameworks, including risk scoring models, findings, aggregation logic, and MITRE ATT&CK alignment.
    • Design, write, and optimize complex SPL queries with a focus on performance, scalability, and accuracy across security datasets.
    • Engineer and maintain Splunk CIM mappings and data models, ensuring normalization across diverse and non-standard log sources.
    • Build and manage Asset & Identity frameworks, including enrichment logic and authoritative data source integration.
    • Operationalize threat intelligence pipelines, integrating IOC feeds, vulnerability data, and TAXII/STIX sources into detection workflows.
    • Develop custom integrations, automation scripts, and APIs across the security stack using REST, HEC, Python, and related tools.
    • Lead cross-domain detection engineering across identity, endpoint, cloud, network, SaaS, email, and insider threat use cases.
    • Drive log onboarding and data ingestion processes, including parsing, field extraction, CIM alignment, and ingestion optimization.
    • Create and maintain SOC dashboards, detection documentation, and structured peer-review processes for all deployed content.
  • Requirements:
    • 8+ years of experience in security engineering, SOC/IR, or detection engineering, including 5+ years with Splunk Enterprise Security in production.
    • Deep expertise in SPL, including advanced search optimization, lookups, KV stores, and REST API-based workflows.
    • Strong hands-on experience with Splunk ES features such as correlation searches, the risk framework, adaptive response, and threat intelligence management.
    • Proven experience designing and operating Risk-Based Alerting (RBA) models in enterprise environments.
    • Strong understanding of Splunk CIM and experience building or extending data models for security use cases.
    • Experience across multiple security domains, including cloud, identity, endpoint, network, email, and vulnerability management.
    • Proven ability to integrate and automate security tools using APIs, Python, and SOAR platforms.
    • Experience operationalizing threat intelligence feeds into actionable detection workflows.
    • One or more current Splunk or equivalent security certifications required.
    • Strong ability to manage multiple priorities and deliver high-quality outputs under tight deadlines.
  • Benefits:
    • Competitive salary package aligned with senior-level engineering expertise.
    • Fully remote work environment with flexibility.
    • Opportunity to work on large-scale, complex security detection systems.
    • High-impact role with ownership over core detection engineering strategy.
    • Exposure to advanced security technologies, automation, and AI-driven detection workflows.
    • Professional growth opportunities, including certifications and advanced technical development.
  • How Jobgether works: We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team. We appreciate your interest and wish you the best!
  • Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.
  • We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.