Lead Engineer, IT Security (SIEM/Splunk)

Raymond James · Saint Petersburg, Florida - United States
Full-time · Hybrid · Today
Bash · CI/CD · Clustering · Incident Response · Leadership · Linux

Responsibilities

  • Lead the architecture, engineering, administration, and ongoing optimization of Splunk Cloud across a large-scale, distributed, hybrid environment
  • Responsible for Splunk Cloud platform health, including indexer/search head clustering, deployment servers, forwarder management, storage optimization, license utilization, retention policies, performance tuning, and system availability
  • Develop, tune, and maintain Splunk content, including dashboards, reports, alerts, correlation searches, data models, field extractions, props/transforms, lookups, macros, and CIM-aligned knowledge objects
  • Lead automation initiatives across Splunk and security operations, including automated log onboarding, health checks, evidence collection, and ticket creation
  • Work with SOAR platforms, scripting, APIs, CI/CD pipelines, and infrastructure-as-code practices to automate repeatable Splunk administration, content management, and operational workflows
  • Troubleshoot complex Splunk issues related to ingestion, parsing, indexing, searching, acceleration, dashboards, apps/add-ons, authentication, integrations, storage, and platform performance
  • Lead administration and operational support for the global Syslog-NG environment
  • Strong troubleshooting skills across Linux, Windows, networking, storage, authentication, distributed systems, and cloud environments.
  • Shares in a weekly on-call rotation and acts as an escalation point for major incidents and associates of Raymond James.

Experience and Skills

  • B.S. in Computer Science, Computer Engineering, or related degree and a minimum of five (5) years of related experience in Splunk engineering, administration, and content development
  • System administrator experience in Linux, Windows, or OSX operating systems
  • System administrator experience in maintenance and management of enterprise syslog environment
  • Knowledge of networking and the common network protocols
  • Experience with development of complex Splunk analytics
  • Familiar with interacting with a variety of APIs and using an API platform such as Postman, Insomnia, or Hopscotch to develop and test data integrations
  • Demonstrated ability to create complex scripts, develop tools, or automate processes in PowerShell, Python or Bash.
  • One or more of the following certifications or the ability to obtain within 1 year:
      • Splunk Cloud Certified Admin
      • Splunk Certified Architect
      • Splunk Certified Consultant
      • CISSP: Certified Information Systems Security Professional
      • CCNA: Cisco Certified Network Associate

Competencies

  • Analysis: Identify and understand issues, problems and opportunities; compare data from different sources to draw co

Benefits

Health insurance

Additional Information

Job Description Summary

Analyzes and monitors the organization's cyber security measures; responds to actual penetration attempts by malicious hackers.

Job Description

This position follows our hybrid workstyle policy: Expected to be in a Raymond James office location a minimum of 12 days a month. Please note: This role is not eligible for Work Visa sponsorship, either currently or in the future.

The financial services industry is constantly under attack by sophisticated cyber adversaries that range from nation states to criminals. In response, the Raymond James Cyber Threat Center (CTC) is charged with ensuring all equities are secure against all tiers of adversaries. We are the central hub for Computer Network Operations and are on the front lines of security incident response, threat hunting, and intelligence. You'll be working with emerging technologies to solve challenging security problems in a fast-paced and continuously evolving environment, while helping steer the direction and evolution of the team. This highly visible team within the organization evaluates threats to the environment and dynamically adjusts to the ever-changing threat landscape by applying practical security knowledge to developing new detective measures to protect the firm.

The CTC Lead Engineer, IT Security, is a primary member of the CTC and serves as a Splunk subject matter expert responsible for the design, development, creation, and maintenance of advanced Splunk content in support of Incident Response, HUNT, Cyber Threat Intelligence, and Cyber Crime operations. This role provides technical leadership for Splunk engineering, administration, optimization, automation, and AI-enabled security analytics across the enterprise.

The Lead Engineer is also part of the Raymond James Splunk administration team and is responsible for the operation and maintenance of the Raymond James Splunk Cloud environment, including search heads, indexers, heavy and universal forwarders, and the enterprise Syslog-NG environment. The role partners closely with security operations, threat detection, incident response, infrastructure, cloud, and application teams to ensure reliable log ingestion, scalable platform performance, actionable detections, and continuous improvement through automation, analytics, and AI-assisted capabilities.

