This role leads Cognizant's Splunk Enterprise Security delivery within a flagship engagement with one of the world's foremost enterprise security and observability companies. You will hold a senior position with direct client visibility and significant influence over detection engineering and platform strategy.
About The Role
We are looking for a Principal Technical Lead for Splunk Enterprise Security to own critical escalations, drive detection engineering excellence, and lead a team of senior engineers. This is a high-impact role combining deep technical depth with customer engagement and strategic leadership.
What You Will Do
- Lead resolution of critical Splunk ES escalations with full end-to-end ownership
- Provide hands-on support to Senior Engineers and Technical Leads for complex issues including correlation search failures, RBA anomalies, data model issues, and search performance
- Engage directly with customers to drive resolution and maintain confidence during high-severity incidents
- Validate RCA findings and recommend preventive and long-term solutions
- Oversee correlation searches, detection logic, data model acceleration, and Splunk ES optimisation
- Validate Splunk ES product updates and patches; assess impact on detection use cases and platform stability
- Drive security monitoring strategy improvements and threat detection enhancements
- Revise and update technical training programs based on product changes and RCA insights
- Mentor engineers and drive a culture of technical excellence and continuous improvement
What You Bring
- Deep expertise in Advanced SPL, cloud platforms (AWS/Azure/GCP), and Python/Shell scripting
- Strong escalation ownership, stakeholder management, and customer communication skills
- Proven experience in a technical leadership or managerial role
Certifications (Preferred) Splunk Certified Admin
- Splunk Enterprise Security Certified Admin (Legacy preferred)
