
Full Time SIEM Engineer Jobs, in NTT DATA Business Solutions Selangor - Maukerja

SIEM Engineer

NTT DATA Business Solutions


Working Location

  • Cyberjaya Selangor Malaysia

Job Description

Responsibilities

At NTT DATA Business Solutions, we drive innovation – from advisory and implementation to managed services and beyond, powered by a global team of over 18,500 experts representing over 90 nations in more than 30 countries. With SAP at our core and a powerful ecosystem of partners like Microsoft and ServiceNow, we continuously improve solutions and AI-driven technology to make them work for companies – and for their people.

We are part of NTT DATA, a $30+ billion business and technology services, AI and digital infrastructure leader. As a Global Top Employer, NTT DATA serves 75% of the Fortune Global 100 and, with experts in over 70 countries, co-innovates solutions that encourage experimentation and recognize great work.



With us, you have endless opportunities to think big, act bold and take ownership. Make this the place where you belong, learn, and build your network.



Make this the place where you grow.

What makes us special:

  • Team-oriented corporate culture, collaboration as equals and steady knowledge transfer
  • Diversity & Inclusion (e.g. various initiatives & communities)
  • Flexible working hours (e.g. hybrid working)
  • Inhouse Academy with a variety of professional technical training, soft skills training, SAP Learning Hub and certification opportunities
  • Company health benefits (e.g. Medical Insurance, Health Insurance, Optical and Dental Benefits)

Key Responsibilities

We are seeking a dedicated Splunk Enterprise Security (ES) Engineer to work closely with the Security Operations Centre (SOC) team. This role is responsible for the design, implementation, optimisation, and day-to-day operation of Splunk ES to support threat detection, investigation, and incident response. The Splunk ES Engineer will act as the technical owner of Splunk ES, ensuring high-quality data onboarding, effective detection content, performant searches, and continuous tuning based on SOC feedback and the evolving threat landscape.

1. Splunk Enterprise Security Platform Ownership

  • Own and manage the Splunk Enterprise Security platform, ensuring availability, performance, and scalability
  • Configure and maintain ES components including:
      • Correlation searches
      • Risk-Based Alerting (RBA)
      • Notable events
      • Adaptive Response Actions
      • Dashboards and KPIs
  • Perform regular health checks and optimisation of Splunk ES and core Splunk infrastructure.

2. Data Onboarding & Normalisation

  • Lead onboarding of security-relevant data sources (e.g. firewalls, EDR, IAM, servers, cloud platforms, applications).
  • Ensure data quality, timestamp accuracy, CIM compliance, and consistent field extractions.
  • Troubleshoot ingestion, parsing, and indexing issues in collaboration with infrastructure and application teams.

3. Detection Engineering & Use Case Development

  • Develop, customise, and tune detection use cases aligned with SOC requirements, including:
      • Authentication attacks (brute force, credential abuse)
      • Privileged account misuse
      • Malware and endpoint threats
      • Lateral movement and suspicious network activity
      • Data exfiltration and policy violations
  • Implement and mature Risk-Based Alerting to reduce alert fatigue and improve signal-to-noise ratio.
  • Continuously tune correlation searches based on false positives, analyst feedback, and threat intelligence.

4. SOC Enablement & Collaboration

  • Work closely with SOC analysts to support:
      • Alert triage
      • Investigations
      • Incident response workflows
  • Translate SOC detection requirements into effective Splunk ES content.
  • Provide guidance and training to SOC analysts on using Splunk ES for investigations.

5. Automation & Integrations

  • Implement automation and enrichment using:
      • Splunk ES Adaptive Response
      • SOAR or scripting where applicable
  • Integrate Splunk ES with ITSM / ticketing tools and other security platforms.
  • Enable threat intelligence enrichment and contextual data for alerts.

6. Reporting, Metrics & Governance

  • Build and maintain dashboards for:
      • SOC performance metrics (MTTD, MTTR, alert volumes)
      • Detection coverage
      • Risk scores and trends
  • Support audit, compliance, and management reporting by providing evidence and documentation.
  • Maintain documentation for data sources, use cases, and SOC workflows.

Education/Experience/Skills

Technical Skills

  • Strong hands-on experience with Splunk Enterprise Security in a SOC environment.
  • Solid understanding of Splunk core concepts:
      • SPL (Search Processing Language)
      • Indexing, data models, CIM
      • Performance tuning and optimisation
  • Experience onboarding and normalising security log sources.
  • Knowledge of security domains: network security, endpoint security, IAM, operating systems, and cloud security.
  • Familiarity with detection engineering and SOC operations.

Experience

  • 3+ years of hands-on Splunk experience, with at least 2 years focused on Splunk ES.
  • Proven experience supporting or working directly with a SOC team.
  • Experience in incident detection, investigation, and response workflows.

Nice to Have

  • Splunk certifications (e.g. Splunk Core Certified Power User, Enterprise Security Certified Admin).
  • Experience with SOAR platforms and security automation.
  • Knowledge of MITRE ATT&CK framework and threat modelling.
  • Experience operating SIEM in regulated or large enterprise environments.

Personal Attributes

  • Strong analytical and problem-solving skills.
  • Able to work collaboratively with SOC analysts and cross-functional teams.
  • Proactive mindset with a focus on continuous improvement.
  • Clear communicator, able to translate technical concepts to non-technical stakeholders.
  • Willing to work in Cyberjaya, Selangor and able to travel if needed.
