Axos Business Center, Corp
About This Job
Role Description
The Senior Splunk Engineer is a critical member of Axos Bank’s Security Engineering organization and is responsible for ensuring that our Splunk Enterprise Security (ES) Cloud environment operates at peak performance—fast, reliable, scalable, and fully aligned with the needs of AI-driven Security Operations.
This role owns end-to-end engineering, operations, and enhancement of Splunk ES Cloud, ensuring 100% log source coverage at all times, continuously improving the detection ruleset, and administering and extending the Splunk SOAR platform. The ideal candidate is highly technical, deeply hands-on, and capable of building high-fidelity detection pipelines, tuning Splunk for efficiency, and engineering automation that accelerates SecOps outcomes.
Splunk ES Cloud Engineering & Operations
- Engineer, operate, and optimize Axos Bank’s Splunk ES Cloud environment to ensure high performance, high reliability, and low‑latency search, correlation, and dashboarding.
- Maintain 100% log source ingestion and coverage, ensuring all mission‑critical security, infrastructure, application, and cloud telemetry is continuously collected, normalized, and monitored.
- Implement proactive capacity planning, tuning, onboarding, and health monitoring to ensure Splunk ES Cloud operates predictably under load.
- Build scalable data ingestion pipelines, validate CIM mappings, and ensure high‑quality normalized data across all sources.
Detection Engineering
- Continuously expand, enhance, and tune detection rules, correlation searches, analytics stories, and behavioral detections to improve fidelity, reduce false positives, and accelerate threat discovery.
- Implement structured lifecycle processes for detection engineering—including threat modeling, hypothesis creation, rules testing, simulation, tuning, and performance validation.
- Work closely with SecOps analysts to convert investigative insights into new automation, detections, and dashboards.
Splunk SOAR Administration & Automation
- Administer, operate, and enhance Splunk SOAR—including playbook development, integration onboarding, connector tuning, and automation reliability.
- Build high‑quality, maintainable SOAR playbooks that automate triage, enrichment, correlation, and response workflows.
- Ensure SOAR integrations with internal and external systems (cloud, identity, EDR, WAF, AppSec tools, ticketing) are resilient and scalable.
Data Quality, Reliability & Coverage Assurance
- Implement automated monitoring, alerting, and reconciliation mechanisms to ensure zero data gaps, zero ingestion failures, and 24/7 log source continuity.
- Conduct regular audits of data source integrity, ingestion performance, and CIM compliance.
- Partner with engineering and infrastructure teams to resolve ingestion failures, bandwidth issues, throttling problems, and formatting defects.
Engineering, Documentation & Collaboration
- Produce engineering‑quality documentation across data onboarding, pipelines, health checks, detections, and playbooks.
- Collaborate with AI‑Driven Security Operations teams to feed high‑quality telemetry into AI models, anomaly‑detection pipelines, and automated response systems.
- Work with cloud, infrastructure, EDR, AppSec, and SecOps teams to ensure Splunk remains the authoritative source of security telemetry and analytics.
Required Qualifications
- 5+ years of hands‑on experience with Splunk ES, Splunk Cloud, or large‑scale SIEM engineering.
- Deep knowledge of Splunk data ingestion, search performance tuning, indexing, CIM normalization, correlation searches, and dashboard optimization.
- 2+ years of experience administering or engineering automations on Splunk SOAR (or other SOAR platforms).
- Ability to build, debug, and optimize search queries, analytics stories, and correlation rules at enterprise scale.
- Strong understanding of log formats, data pipelines, cloud telemetry, Syslog, API‑based ingestion, and security data standards.
- Experience working with security teams (SecOps, AppSec, Incident Response, Detection Engineering).
- Strong scripting or automation skills (Python preferred).
Preferred Qualifications
- Experience with high‑volume, cloud‑native Splunk environments.
- Background in detection engineering, threat research, or offensive security.
- Hands‑on experience integrating Splunk with cloud platforms (AWS, Azure), EDR, WAF, identity systems, and AppSec tools.
- Experience building or tuning SOAR playbooks for automated response.
- Certifications such as Splunk Core Certified Power User, Splunk Enterprise Security Admin, or Splunk SOAR Certified Automation Developer.
About Axos
Born digital-first, Axos delivers financial tools and services that allow individuals, small businesses, and companies to access and manage their money how, when, and where they want. We’re a diverse team of dynamic, insightful, and independent innovators who are excited to provide technology-driven solutions that offer unbeatable value to our customers.
Axos Financial is our holding company and is publicly traded on the New York Stock Exchange under the symbol "AX" (NYSE: AX).
Pre-Employment Background Check, Medical, and Drug Test:
All offers are contingent upon the candidate successfully passing a credit check, criminal background check, and pre-employment medical and drug screening.
Equal Employment Opportunity:
Axos is an Equal Opportunity employer. We are committed to providing equal employment opportunities to all employees and applicants without regard to race, religious creed, color, sex (including pregnancy, breast feeding and related medical conditions), gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship status, military and veteran status, marital status, age, protected medical condition, genetic information, physical disability, mental disability, or any other protected status in accordance with all applicable federal, state, and local laws.
Job Functions and Work Environment:
While performing the duties of this position, the employee is required to sit for extended periods of time. Manual dexterity and coordination are required while operating standard office equipment such as computer keyboard and mouse, calculator, telephone, copiers, etc.
The work environment characteristics described here are representative of those an employee may encounter while performing the essential functions of this position. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions of this position.