Splunk Siem Engineer Jobs in San Ramon, CA (NOW HIRING)

Security Engineer

San Jose, CA · On-site

$134K - $193K/yr

We are looking for a Security Engineer to join our team in one of today's most exciting ... Monitoring and analysis of cyber security events with the use of Splunk (SIEM), SOAR, IDS, XDR ...

Network Security Engineer

San Jose, CA · On-site

$122K - $167K/yr

Administer and fine-tune security technologies including SIEM (Splunk, QRadar), Firewall (Palo Alto ... Mentor and provide technical guidance to L1 and L2 engineers, supporting skill development and ...

Security Engineer

San Jose, CA · On-site

$134K - $193K/yr

We are looking for a Security Engineer to join our team in one of today's most exciting ... Monitoring and analysis of cyber security events with the use of Splunk (SIEM), SOAR, IDS, XDR ...

Principal Security Engineer

San Jose, CA · On-site

$178K - $257K/yr

Monitoring and analysis of cyber security events with the use of Splunk (SIEM), SOAR, IDS, XDR ... Bachelor's degree in computer science (Engineering & Technology desired), Management of information ...

Principal Security Engineer

San Jose, CA · On-site

$178K - $257K/yr

Monitoring and analysis of cyber security events with the use of Splunk (SIEM), SOAR, IDS, XDR ... Bachelor's degree in computer science (Engineering & Technology desired), Management of information ...

Network Security Engineer

San Francisco, CA · Hybrid

$123K - $168K/yr

What We're Looking For We're looking for a Network Security Engineer to design, implement, and ... Experience with SIEM (e.g., Splunk, QRadar), vulnerability scanners (e.g., Nessus, Qualys), and ...


Splunk Siem Engineer information

What are the key skills and qualifications needed to thrive as a Splunk SIEM Engineer, and why are they important?

To thrive as a Splunk SIEM Engineer, you need strong expertise in security information and event management (SIEM), log analysis, scripting, and a background in cybersecurity, often supported by a computer science degree or related certifications. Familiarity with Splunk Enterprise Security, Splunk Query Language (SPL), and certifications like Splunk Certified Power User or Splunk Certified Admin are commonly required. Analytical thinking, problem-solving skills, and effective communication help engineers interpret security data and collaborate with IT teams. These skills are crucial for proactively detecting threats, optimizing security operations, and ensuring the resilience of organizational IT environments.

What are some common challenges faced by Splunk SIEM Engineers when integrating new data sources?

Splunk SIEM Engineers often encounter challenges such as inconsistent log formats, lack of documentation from data source owners, and ensuring data normalization for effective correlation and analysis. Additionally, dealing with high data volume while maintaining system performance and security compliance can be demanding. Close collaboration with IT, security teams, and application owners is critical to troubleshoot issues and fine-tune data onboarding processes.

What is the difference between a Splunk SIEM Engineer and a Security Analyst?

| Aspect | Splunk SIEM Engineer | Security Analyst |
| --- | --- | --- |
| Certifications | Splunk Certified Power User, Splunk Certified Admin | CompTIA Security+, GIAC Security Essentials |
| Work Environment | Focus on configuring, maintaining, and optimizing Splunk SIEM tools | Monitor security alerts, investigate incidents, and implement security measures |
| Industry Usage | Primarily in cybersecurity, IT operations, and compliance | Across cybersecurity teams, incident response, and risk management |

The Splunk SIEM Engineer specializes in deploying and managing Splunk SIEM solutions, ensuring data ingestion and system performance. In contrast, the Security Analyst focuses on analyzing security data, investigating threats, and responding to incidents. While both roles require security knowledge and certifications, the engineer emphasizes system setup and maintenance, whereas the analyst emphasizes threat detection and response.

What does a Splunk SIEM Engineer do?

A Splunk SIEM Engineer is responsible for designing, implementing, and managing Splunk Security Information and Event Management (SIEM) solutions within an organization. They monitor security events, create dashboards, and develop alerts to detect and respond to potential threats. Their work involves integrating various data sources into Splunk, maintaining system performance, and ensuring compliance with security policies. Splunk SIEM Engineers also play a key role in incident response and help organizations improve their overall security posture.
Infographic showing various Splunk SIEM Engineer job openings in San Ramon, CA as of June 2026, with employment types broken down into 1% As Needed, 53% Full Time, 39% Part Time, 2% Contract, and 5% Nights. Highlights a 78% Physical, 9% Hybrid, and 13% Remote job distribution.

Security Engineer - SIEM (Splunk) Platform & Operations

Samsung SDS America

San Jose, CA • On-site

Full-time

Medical, Dental, Vision, Life, Retirement, PTO

Posted 18 days ago


Company rating: 6.8 out of 10

Based on 14 frontline employees who took The Breakroom Quiz

136th of 207 rated IT services


Job description

Samsung SDS America (SDSA) serves as the U.S. technology and innovation hub for Samsung’s global enterprise solutions, delivering secure, scalable, and high‑performance IT services that support some of the world’s most complex business environments. As SDSA continues to expand its cloud, mobility, analytics, and cybersecurity capabilities, maintaining a resilient security operations foundation is essential to protecting the company’s digital assets and ensuring uninterrupted service delivery.

Position Summary:

As Security Engineer, you’ll join the Cybersecurity Operations team, where you’ll serve as the frontline detective monitoring and correlating real‑time threat data from firewalls, cloud assets, EDR, and AI‑driven platforms like Darktrace. You’ll design, tune, and optimize Splunk Enterprise Security dashboards, detection rules, and correlation searches to cut false positives while delivering rapid, high‑fidelity alerts. Leveraging your experience in SOC environments, you’ll lead deep incident investigations, spearhead proactive threat‑hunting missions, and drive remediation priorities based on risk and business impact. Collaboration is key: you’ll partner with global engineers, cloud specialists, and incident‑response teams to continuously improve our security posture and document best‑practice playbooks.

This is a Full Time Onsite position located in San Jose, CA.

Responsibilities:

  • Monitor and analyze security event logs from multiple sources, including firewalls, intrusion detection/prevention systems, endpoint protection platforms, servers, cloud environments, and tools like Darktrace, to identify potential threats.
  • Monitor, triage, and investigate alerts and logs within the Splunk SIEM and Splunk Enterprise Security (ES) platform.
  • Assist in improving SIEM processes, detection coverage, alert fidelity, and operational workflows, including creating dashboards.
  • Support the onboarding and integration of logs from enterprise systems into the Splunk environment.
  • Validate log source completeness, data normalization, rule logic, and alert relevance across critical systems and infrastructure.
  • Perform initial analysis of security events, escalate incidents when appropriate, and assist with root cause identification.
  • Conduct in-depth investigations of security incidents and recommend remediation and containment actions.
  • Conduct proactive threat hunting using SIEM, EDR, CASB, and network detection tools, such as Darktrace, to identify suspicious activity that may have bypassed traditional controls.
  • Tune and optimize correlation searches, detection rules, dashboards, and use cases to improve operational efficiency and reduce false positives.
  • Prioritize remediation efforts based on risk, severity, and business impact.
  • Participate in incident response activities and support threat hunting initiatives as needed.
  • Collaborate with cross-functional teams to respond effectively to cybersecurity incidents and strengthen overall security posture.
  • Create and maintain documentation for log flows, detection use cases, triage procedures, playbooks, cybersecurity processes, and operational standards.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, Information Assurance, or a related field; Master’s degree preferred.
  • 3+ years of experience in a cybersecurity operations or related security role.
  • 2+ years of hands-on experience administering Splunk Enterprise Security (ES).
  • Strong hands-on experience with Splunk log ingestion, data normalization, search heads, indexers, SPL query development, and dashboard optimization.
  • Knowledge of detection engineering, correlation rule development, and incident response workflows.
  • Proven experience in threat analysis & incident response.
  • Strong understanding of security log sources, including Windows and Linux servers, firewalls, endpoint tools, cloud infrastructure, and network detection platforms, such as Darktrace.
  • Experience triaging and analyzing security alerts in complex, multi-platform enterprise environments.
  • Familiarity with cloud platforms such as AWS, Azure, or similar environments.
  • Strong analytical, communication, and collaboration skills, with the ability to clearly present findings and recommendations.
  • Ability to work effectively across diverse global teams and adapt to evolving business and technical environments.
  • Curious, resilient, and data-driven, with a proactive approach to solving security challenges.

Preferred Qualifications:

  • Relevant certifications such as Splunk Enterprise Security Certified Admin.
  • Experience with supporting tools such as Darktrace, CrowdStrike, or Netskope is highly preferred.
  • Active knowledge of and experience with rule creation and executing correlation searches in Splunk.

Benefits

Samsung SDSA offers a comprehensive suite of programs to support our employees:

  • Top-notch medical, dental, vision and prescription coverage
  • Wellness program
  • Parental leave
  • 401K match and savings plan
  • Flexible spending accounts
  • Life insurance
  • Paid Holidays
  • Paid Time off
  • Additional benefits

Samsung SDS America, Inc. is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, race, color, religion, sex, sexual orientation, gender identity or expression, national origin, disability, status as a protected veteran, marital status, genetic information, medical condition, or any other characteristic protected by law.

We are committed to providing reasonable accommodations to participate in the job application or interview process for candidates with disabilities. Please let your recruiter know if you need an accommodation at any point during the interview process.

The base pay range for this role depends on appropriate skills, experience, and technical level. Career Level 2 base salary is USD $125,000-175,000.

Individual base pay depends on various factors, in addition to primary work location, such as complexity and responsibility of role, job duties/requirements, and relevant experience and skills.

Certain roles are eligible for additional rewards, including annual bonus. U.S.-based employees have access to medical, dental, and vision insurance, a 401(k) plan and company match, short-term and long-term disability coverage, basic life insurance, and wellbeing benefits, among others. U.S.-based employees also receive, per calendar year, up to 10 scheduled paid holidays, and Paid Time Off.

