Splunk Engineer

Splunk Engineer Warsaw, hybrid. We are seeking a Splunk Engineer to strengthen our security monitoring and analytics capabilities. You will work with large‑scale data, enhance detection mechanisms, and support the stability and performance of our SIEM environment. This role combines data engineering, security analytics, and platform operations. Responsibilities • Develop and refine detection logic, alerts, and searches within Splunk‑based environments. • Build and maintain dashboards supporting security investigations, operational monitoring, and threat analysis. • Integrate Splunk outputs with automation platforms to streamline incident handling. • Prepare and transform log data to ensure accuracy, consistency, and high‑quality visibility across environments. • Create and maintain ingestion pipelines using various collection methods (agents, syslog, APIs, connectors). • Collaborate with infrastructure and application teams to expand logging coverage in cloud and on‑prem ecosystems. • Monitor and optimize Splunk platform performance, ensuring stable data flow and high availability. • Oversee the deployment and operational health of logging agents across endpoints and workloads. Requirements • 5+ years of experience in IT or cybersecurity, including at least 3 years working hands‑on with Splunk. • Practical experience in building searches, alerts, dashboards, and correlation logic. • Strong understanding of log formats, parsing techniques, regular expressions, and data normalization. • Proficiency in scripting languages such as Python, PowerShell, Perl, or SQL. • Familiarity with security operations, detection methodologies, and incident workflows. • Broad technical understanding of networks, operating systems, applications, and cloud services. • Ability to manage sensitive information responsibly and professionally.