Senior Splunk Engineer

Senior Splunk Engineer

At Bank of America, we are guided by a common purpose to help make financial lives better through the power of every connection. We do this by driving Responsible Growth and delivering for our clients, teammates, communities and shareholders every day.

• The position of Senior Splunk Engineer is responsible for working directly with our Splunk team to analyze, triage, and support data transformation initiatives.
• This role will be at the forefront of enhancing our security data environment to provide optimal up‑time of the platform.
• The role will also be expected to actively share knowledge and mentor more junior members of the Security Operations and Threat Response team.
• The role will work with all Cyber Defense operational and technical teams within Global Information Security (GIS) to develop valuable detection strategies and analytics that identify malicious behavior accurately.
• The role advises on product assessments, policy adjustments, and architectural transformations that impact the global enterprise.
• The role will be a thought leader in the design of cutting‑edge detective, preventative, and proactive controls.
• Hands‑on technical acumen with writing efficient SPL within short timelines to support detection needs of the firm.

• Minimum of 6+ years of experience in a technical role in the areas of Security Operations, Incident Response, Content Development or equivalent in a large enterprise Splunk environment performing triage and administrative duties.
• Direct experience performing content detection engineering and threat hunting in an active corporate environment.
• Significant experience working with Splunk Programming Language (SPL) to create and tune detections.
• Experience mapping data fields to a common data model such as CEF or OCSF.
• Direct experience working with very large datasets and log analysis tools including Splunk, Python, Pandas, SQL, Hadoop, Hue.
• Ability to see the larger picture when dealing with competing requirements and needs from across the organization in order to build consensus and drive results.
• Ability to navigate and work effectively across a complex, geographically dispersed organization.
• Experience with enterprise‑scale EDR, SIEM, and SOAR tools.
• Experience in requirements gathering around the Splunk tool, documenting requirements, requirement analysis, product testing, etc.
• Splunk Infrastructure Management experience/knowledge.
• Collaborate with teams to monitor and optimize the performance of the Splunk environment, ensuring efficient data processing and search capabilities on search heads.
• Ability to troubleshoot, triage and resolve issues related to Splunk infrastructure, ensuring high availability and reliability.
• Experience in Splunk Enterprise and Splunk Cloud.

• Design and implement data ingestion strategies for various log sources into Splunk.
• Develop and maintain parsing configurations to normalize and enrich incoming data for effective analysis.
• Collaborate with application owners and IT teams to onboard new data sources into Splunk.
• Create and optimize search queries and reports to extract valuable insights from the indexed data.
• Customize and implement Splunk dashboards for different stakeholders to visualize key performance indicators and security metrics.

• Implement security best practices within Splunk to safeguard sensitive data.
• Collaborate with the security team to configure and monitor alerts for suspicious activities or security incidents.
• Ensure compliance with industry regulations and internal policies related to log management and data retention.
• Develop automation scripts using SPL and other scripting languages to streamline administrative tasks.
• Continuously seek opportunities to improve efficiency through automation in Splunk processes.

• Maintain thorough documentation of Splunk configurations, processes, and troubleshooting procedures.
• Provide training and support to other IT team members on Splunk best practices and usage.
• Experience consuming, analyzing, and reporting Cyber Threat Intelligence for actionable takeaways.
• Demonst…