DevSecOps Security Engineer (with Splunk)

Chennai, Tamil Nadu, India

Job Description

We have received a requirement for a DevSecOps Security Engineer position.
The candidate must have expertise in Splunk. Kindly refer to the attached JD for further details.
Please find the details below:
1. Location : Chennai
2. Work Mode : Work from Office
3. Indian Shift Timing : 2:00 PM - 11:00 PM IST
4. Joining Date : 16th October 2025
5. Preferred Experience Level : 6-10 Years
7. No. of Positions : 1
Budget: Up to 27-28 LPA
Job Title: DevSecOps Security Engineer - with Splunk Expertise
Overview
The DevSecOps Security Engineer will embed security into modern delivery for our customer environment, while also providing Splunk engineering support to our internal team. Based in Chennai, India, this hands-on role partners with local Engineering/DevOps to secure CI/CD pipelines, Kubernetes workloads, and runtime environments in alignment with enterprise standards. Experience with API and Bot security is a plus.
Primary focus: Customer DevSecOps enablement (pipelines, IaC guardrails, Kubernetes hardening, runtime detection/response, observability)
Secondary focus: Internal Splunk SME work (use cases, onboarding, dashboards, compliance reporting)
Target allocation: ~80% Customer DevSecOps / ~20% Internal Splunk (subject to business needs)
Key Responsibilities
A) Customer DevSecOps Enablement
Pipeline Security: Integrate automated scans (SAST, SCA, IaC, container) into CI/CD (GitHub, Jenkins, Argo CD); enforce quality gates and break-glass workflows.
IaC Guardrails: Implement policy-as-code for Terraform/Helm/manifests; codify baselines, waivers, and approvals in version control.
Kubernetes Security: Apply CIS Benchmarks; enforce admission controls; implement least-privilege RBAC, network policies, image signing/attestations, and runtime defenses.
Secrets & Identity: Harden secrets management; align to Zero Trust and least-privilege access patterns.
Compliance Mapping: Align detections/controls to MITRE ATT&CK, CIS, NIST, and PCI where applicable; produce audit-ready artifacts (e.g., SBOMs and attestations).
API & Bot Security (Strongly Preferred): Implement API discovery/cataloging and API threat modeling; enforce WAAP/edge/CDN policies and rate limiting; deploy bot detection/mitigation and fraud signals.
B) Observability & Runtime Protection
Runtime Monitoring: Deploy vulnerability, misconfiguration, drift, and anomaly detection across clusters and services.
Telemetry & Dashboards: Build real-time observability with Grafana, OpenTelemetry, and OpenSearch.
On-Call & Escalations: Configure PagerDuty and ticketing (Jira/ServiceNow); reduce MTTR with clear ownership and runbooks.
IR Enablement: Partner with SOC/IR for evidence collection, triage, post-incident reviews, and improvement actions.
C) Splunk (Internal Team Support)
Log Onboarding & Tuning: Integrate new data sources, perform field extractions, apply lifecycle policies; maintain index health. (Nice to have: ingest API gateway/WAAP/bot telemetry.)
Detection Engineering: Author/tune SPL searches and correlation rules; map detections to MITRE/CIS; reduce false positives.
Dashboards & Reporting: Deliver detection/operations dashboards and automated compliance/audit reports.
Platform Care: Support upgrades, performance tuning, license utilization, and app maintenance.
D) Delivery, Documentation & Stakeholders
Execution: Own Jira epics/stories; deliver against roadmap with measurable outcomes.
Docs & Runbooks: Maintain Confluence runbooks, playbooks, standards, and architecture diagrams.
Communication: Provide weekly status, risk/issue tracking, and stakeholder updates (customer + internal).
Qualifications
Bachelor's in Computer Science, Cybersecurity, or related field; advanced degree a plus.
Hands-on DevSecOps experience across CI/CD, Kubernetes, and cloud-native platforms.
Strong IaC security and policy-as-code (Terraform/Helm/Git-based guardrails).
Kubernetes security (CIS, admission controls, image signing/attestations, RBAC, Pod Security admission, network policies).
Observability: Grafana, OpenTelemetry, OpenSearch; on-call tooling (PagerDuty).
Splunk (Required): data onboarding, SPL, dashboards, correlation rules, compliance reporting, and performance tuning.
Scripting/automation (REST, CLI, Ansible, Terraform); familiarity with SOAR, Jira/ServiceNow.
Experience with CNAPP/CSPM platforms (Prisma Cloud and/or Wiz).
API & Bot Security (Strongly Preferred): API discovery/cataloging; API threat modeling; WAAP/edge/CDN policies; rate limiting; bot detection/mitigation & fraud signals. Akamai/Cequence experience is a plus.
Strong troubleshooting, stakeholder communication, and cross-team collaboration skills.



Job Detail

  • Job Id
    JD4323999
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Chennai, Tamil Nadu, India
  • Education
    Not mentioned
  • Experience
    Year