SIEM Platform Engineer

TN, IN, India

Job Description

About Cognizant Corporate




Cognizant Corporate is a global community united by a shared purpose: to make a meaningful impact. We are committed to excellence and driven by outcomes that matter. Collaboration is at the heart of how we work, and our forward-thinking mindset fuels continuous learning, innovation, and growth.


At Cognizant, careers transcend titles. We empower our people to think strategically, inspire others, and lead with purpose, always guided by our core values. Join us in shaping the future of business.

About the role




As a SIEM Platform Engineer, you will drive impactful contributions and focus on outcomes. You will be a key member of the Cyber Security team, collaborating with Dinesh Padmanabhan. As a member of Corporate Security's (CS) Global Cyber Operations (GCO) team, the SIEM Platform Engineer is responsible for the full lifecycle management of the organization's SIEM infrastructure across on-premises and cloud environments. This includes the engineering, administration, and continuous improvement of both Splunk Enterprise (on-prem) and Cortex XSIAM (cloud/SaaS) platforms.


The role ensures platform stability, scalability, integration, and performance while enabling detection teams, security analysts, and incident responders to operate effectively.


Successful candidates must be inquisitive, detail-oriented, and have strong problem-solving skills to quickly address anomalies. Ideally, candidates for this role thrive in diverse and fast-paced environments. As part of a team of self-starters, you can work with impact alongside our vibrant people and culture, all while enjoying unmatched learning opportunities.

In this role, you will:




1. Administer, maintain, and optimize the on-premises Splunk Enterprise infrastructure, including indexers, search heads, forwarders, and deployment servers.


2. Manage the SaaS-based Cortex XSIAM platform, ensuring tenant configuration, integrations, and performance are aligned to organizational needs.


3. Configure and manage data ingestion pipelines including parsing, field extraction, source types, and event normalization.


4. Troubleshoot ingestion failures, indexing delays, or dashboard/reporting issues across both Splunk and Cortex platforms.


5. Implement role-based access control (RBAC), app permissions, and search optimization policies.


6. Monitor platform resource usage and ensure scaling, license usage, and hardware capacity are proactively managed.


7. Plan and execute upgrades, patching cycles, architecture reviews, and platform migrations or expansions.


8. Support detection engineers and threat hunters with SPL/KQL query optimization and data availability.


9. Integrate log sources from cloud services, infrastructure systems, endpoint agents, and custom applications.


10. Create and maintain technical documentation including ingestion specs, dashboards, and platform configuration guides.


11. Support audit and compliance initiatives by enabling long-term data retention, encryption, and access control monitoring.


12. Participate in on-call rotation for critical platform incidents affecting security operations.

What you must have to be considered



- Bachelor's degree in Computer Science, Information Security, or a related technical field.
- 5+ years of experience managing SIEM platforms, with specific expertise in Splunk Enterprise and/or Cortex XSIAM.
- Strong understanding of distributed architecture design, log ingestion pipelines, and SPL (Search Processing Language).
- Experience with Linux system administration, scripting (Python, Shell), and automation tools.
- Familiarity with RBAC, certificate management, and platform monitoring tools (e.g., Cribl, Splunk ITSI, App for Infrastructure).
- Hands-on experience with onboarding logs from firewalls, proxies, cloud workloads (AWS, Azure, GCP), and identity providers.
- Certifications preferred: Splunk Certified Admin/Architect, Palo Alto Cortex XSIAM Specialist, RHCSA, or relevant cloud platform certifications.
- A strong sense of ownership, desire to create meaningful outcomes, and passion for work that serves a greater good for customers, communities, or global challenges.
- The embodiment of Cognizant's Values of: Work as One, Dare to Innovate, Raise the Bar, Do the Right Thing, and Own It.

Work model

- Expected to be in the Cognizant office on all business days.


The working arrangements for this role are accurate as of the date of posting. This may change based on the project you're engaged in, as well as business and client requirements. Rest assured, we will always be clear about role expectations.


We're excited to meet people who share our mission and can make an impact in a variety of ways. Don't hesitate to apply, even if you only meet the minimum requirements listed. Think about your transferable experiences and unique skills that make you stand out as someone who can bring new and exciting things to this role.


Job Detail

  • Job Id: JD5073170
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: TN, IN, India
  • Education: Not mentioned