SIEM Engineer

PwC India • Greater Kolkata Area
Visa Sponsorship Relocation
AI Summary

Join our Global SIEM team as a SIEM Engineer to drive the next phase of our security analytics and observability journey. You will be hands-on with Splunk and Cribl to onboard, normalize, and optimize security data. You'll thrive here if you enjoy crafting robust data pipelines and applying security frameworks.

Key Responsibilities
Onboard new log sources into Splunk via Cribl
Build and manage Cribl pipelines
Implement and maintain Splunk data models
Develop, tune, and maintain correlation searches and detections in Splunk Enterprise Security
Build operational and executive dashboards, reports, and analytics for SOC and leadership stakeholders
Technical Skills Required
Splunk
Cribl
Splunk Core Certified Power User
Splunk Core Certified Admin
Splunk Enterprise Security Certified Admin
Cribl Certified Observability Engineer (CCOE) – Stream
Cribl Certified Observability Engineer – Edge
Security+
CySA+
GSEC
MITRE ATT&CK
NIST CSF/800-53
ISO 27001
Benefits & Perks
Salary
Remote work
Visa sponsorship
Relocation package
Nice to Have
Risk-based alerting
Entity analytics/UEBA
Threat hunting content
Cloud and SaaS logging
Observability crossover
SOAR for playbooks and enrichment automation
Regex
YAML/JSON pipelines
API-based integrations
Compliance/reporting

Job Description


Line of Service
Advisory

Industry/Sector
Not Applicable

Specialism
Microsoft

Management Level
Associate

Job Description & Summary
At PwC, our people in business application consulting specialise in consulting services for a variety of business applications, helping clients optimise operational efficiency. These individuals analyse client needs, implement software solutions, and provide training and support for seamless integration and utilisation of business applications, enabling clients to achieve their strategic objectives.

As a business application consulting generalist at PwC, you will provide consulting services for a wide range of business applications. You will leverage a broad understanding of various software solutions to assist clients in optimising operational efficiency through analysis, implementation, training, and support.


Why PwC

At PwC, you will be part of a vibrant community of solvers that leads with trust and creates distinctive outcomes for our clients and communities. This purpose-led and values-driven work, powered by technology in an environment that drives innovation, will enable you to make a tangible impact in the real world. We reward your contributions, support your wellbeing, and offer inclusive benefits, flexibility programmes and mentorship that will help you thrive in work and life. Together, we grow, learn, care, collaborate, and create a future of infinite experiences for each other.

At PwC, we believe in providing equal employment opportunities, without any discrimination on the grounds of gender, ethnic background, age, disability, marital status, sexual orientation, pregnancy, gender identity or expression, religion or other beliefs, perceived differences and status protected by law. We strive to create an environment where each one of our people can bring their true selves and contribute to their personal growth and the firm’s growth. To enable this, we have zero tolerance for any discrimination and harassment based on the above considerations.

About the Role 

We’re looking for an early-career SIEM Engineer to join our Global SIEM team and help drive the next phase of our security analytics and observability journey. You will be hands-on with Splunk (Enterprise/Cloud/ES) and Cribl (Stream/Edge) to onboard, normalize, and optimize security data, while building/maintaining detections, dashboards, and automations that support our SOC, Threat Hunting, and Incident Response teams. 

You’ll thrive here if you enjoy crafting robust data pipelines, writing efficient SPL, applying security frameworks (MITRE ATT&CK, NIST), and continuously improving signal quality and time-to-detect/resolve. 


Responsibilities 

Platform & Data Engineering 

  • Onboard new log sources (network, endpoint, identity, cloud, SaaS) into Splunk via Cribl (Stream/Edge), ensuring secure, reliable, and cost-optimized ingestion. 
  • Build and manage Cribl pipelines (parsing, shaping, routing, redaction, filtering, sampling) aligned to data retention and ingest budgets. 
  • Implement and maintain Splunk data models, CIM mappings, sourcetypes, index strategies, HEC tokens, and ingestion best practices. 
  • Monitor and optimize search performance (SPL tuning, data model acceleration, summary indexing, KV stores, lookup strategies). 

Detection, Content & Operations 
  • Develop, tune, and maintain correlation searches and detections in Splunk Enterprise Security (including Risk-Based Alerting). 
  • Build operational and executive dashboards, reports, and analytics for SOC and leadership stakeholders. 
  • Maintain runbooks, field extractions (regex), data quality checks, and use case documentation. 

Security Mindset & Collaboration 
  • Apply MITRE ATT&CK mapping, threat modeling, and basic threat hunting practices to refine use cases and reduce false positives. 
  • Partner closely with SOC Analysts, Threat Hunters, IR, Cloud/SRE, and Application Owners to improve detection coverage and response workflows. 
  • Contribute to purple team exercises and lessons learned to elevate controls and detections. 


Required Qualifications 
  • 2–3 years of hands-on experience with Splunk (Enterprise/Cloud/ES) in security logging, detection engineering, or SIEM operations. 
  • Working knowledge of Cribl (Stream and/or Edge) for data routing, transformation, and optimization. 
  • Solid SPL skills: joins, stats/timechart, eval, rex, transaction, datamodel, tstats, mstats. 
  • Familiarity with CIM, data models, and security-relevant log sources (EDR, firewall, proxy, DNS, identity, cloud). 
  • Understanding of core security concepts: authentication flows, network fundamentals, common attack techniques, and incident response basics. 
  • Experience with Linux fundamentals, Git-based content management, and scripting for automation (bash or Python preferred). 
  • Strong communication, documentation, and cross-time-zone collaboration skills. 


Preferred Certifications (one or more) 

Equivalent or higher-level credentials are welcome. 

Splunk 
  • Splunk Core Certified Power User 
  • Splunk Core Certified Admin 
  • Splunk Enterprise Security Certified Admin (nice to have) 
  • Splunk Cloud Admin (nice to have) 

Cribl 
  • Cribl Certified Observability Engineer (CCOE) – Stream 
  • Cribl Certified Observability Engineer – Edge (nice to have) 

Security 
  • Security+, CySA+, or GSEC (or equivalent) 
  • Familiarity with MITRE ATT&CK, NIST CSF/800-53, ISO 27001 


Nice-to-Have Skills 
  • Experience with risk-based alerting, entity analytics/UEBA, or threat hunting content. 
  • Cloud and SaaS logging: AWS (CloudTrail/GuardDuty/S3), Azure (Event Hub/Graph/Defender), GCP (Audit/Cloud Logging), Okta, M365 (Graph/Security Center). 
  • Observability crossover: metrics/logs/traces, OpenTelemetry, S3/object storage targets, syslog/TLS, HEC, Kafka. 
  • Familiarity with SOAR (e.g., Splunk SOAR) for playbooks and enrichment automation. 
  • Knowledge of regex, YAML/JSON pipelines, and API-based integrations. 
  • Exposure to compliance/reporting (PCI DSS, ISO 27001, SOC 2). 


Success Metrics (What Good Looks Like) 
  • Time-to-Onboard new data sources (meeting quality and CIM standards). 
  • Signal Quality: reduction in false positives; improved precision/recall of detections. 
  • Performance & Cost: search latency improvements, efficient data model usage, and optimized ingest/storage. 
  • Operational Excellence: documented runbooks, reliable handoffs, and on-time closure of engineering backlog. 
  • Stakeholder Satisfaction from SOC/IR and platform owners. 


Mandatory skill sets: Platform & Data Engineering
  • Onboard new log sources (network, endpoint, identity, cloud, SaaS) into Splunk via Cribl (Stream/Edge), ensuring secure, reliable, and cost-optimized ingestion.
  • Build and manage Cribl pipelines (parsing, shaping, routing, redaction, filtering, sampling) aligned to data retention and ingest budgets.
  • Implement and maintain Splunk data models, CIM mappings, sourcetypes, index strategies, HEC tokens, and ingestion best practices.
  • Monitor and optimize search performance (SPL tuning, data model acceleration, summary indexing, KV stores, lookup strategies).

Preferred skill sets:
  • Develop, tune, and maintain correlation searches and detections in Splunk Enterprise Security (including Risk-Based Alerting).
  • Build operational and executive dashboards, reports, and analytics for SOC and leadership stakeholders.
  • Maintain runbooks, field extractions (regex), data quality checks, and use case documentation.

Years of experience required: 2 to 5 years

Education Qualification: B.E. / B.Tech / MBA. All qualifications should be in regular full-time mode with no extension of course duration due to backlogs.

Splunk
  • Splunk Core Certified Power User
  • Splunk Core Certified Admin
  • Splunk Enterprise Security Certified Admin (nice to have)
  • Splunk Cloud Admin (nice to have)

Cribl
  • Cribl Certified Observability Engineer (CCOE) – Stream
  • Cribl Certified Observability Engineer – Edge (nice to have)

Education (if blank, degree and/or field of study not specified)
Degrees/Field of Study required: Bachelor of Engineering, Master of Business Administration

Degrees/Field of Study preferred:

Certifications (if blank, certifications not specified)

Required Skills
SIEM Tools

Optional Skills
Accepting Feedback, Active Listening, Analytical Reasoning, Application Software, Business Data Analytics, Business Management, Business Technology, Business Transformation, Communication, Documentation Development, Emotional Regulation, Empathy, Implementation Research, Implementation Support, Implementing Technology, Inclusion, Intellectual Curiosity, Optimism, Performance Assessment, Performance Management Software, Problem Solving, Product Management, Product Operations, Project Delivery {+ 11 more}

Desired Languages (If blank, desired languages not specified)

Travel Requirements

Available for Work Visa Sponsorship?

Government Clearance Required?

Job Posting End Date
April 14, 2026