[Urgent Search] Senior Security Consultant

Job Description About Gruve Gruve is an innovative software services startup dedicated to transforming enterprises to AI powerhouses. We specialize in cybersecurity, customer experience, cloud infrastructure, and advanced technologies such as Large Language Models (LLMs). Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks. About The Role Gruve Technologies is seeking a highly skilled SeniorSecurity Consultant with deep hands-on experience in designing, deploying, and configuring Splunk SIEM and SOAR solutions. The ideal candidate will lead end-to-end implementationsfrom architecture planning to log source onboarding, security use case creation, and tool integrations. This role also includes the deployment and configuration of Cribl for data routing and enrichment. You'll work closely with security analysts and engineering teams to ensure robust threat visibility, operational efficiency, and high-quality delivery. Key Responsibilities - SIEM Design & Implementation - Architect and deploy Splunk environments (single/multi-site, indexer/search head clustering). - Define and implement data ingestion strategies. - Configure Splunk components: UF/HF, indexers, deployment servers, apps, etc. - Deploy and manage Cribl for log stream processing and transformation. - Log Source Onboarding - Identify and prioritize IT, cloud, network, and application log sources. - Develop onboarding playbooks and custom parsing logic. - Configure props.conf, transforms.conf, and onboard into CIM-compliant structure. - Use Case Development & Configuration - Collaborate with SOC to translate detection requirements into correlation rules and alerts. - Build dashboards, reports, and alerting mechanisms in Splunk Enterprise Security (ES). - Optimize SPL queries and tune alerts to reduce noise and false positives. - Tool Integration - Integrate Splunk with platforms including: - SOAR solutions: Splunk SOAR, Palo Alto XSOAR - TIPs: Anomali, open-source feeds - Ticketing tools: ServiceNow, JIRA - EDR/NDR solutions: CrowdStrike, Fortinet, Cisco, etc. - Develop and manage APIs and automation scripts for bi-directional integration. - Documentation & Knowledge Transfer - Prepare HLDs/LLDs, operational SOPs, and architecture diagrams. - Create runbooks and ensure configuration backups. - Conduct KT sessions and operational training for SOC teams. Required Skills & Experience - 5+ years in SIEM implementation (3+ years focused on Splunk) - Strong expertise in Splunk SIEM, Splunk SOAR, and Cribl deployment/configuration - Skilled in SPL (Search Processing Language), CIM compliance, and log enrichment - Hands-on with onboarding data from varied sources and environments - Experience integrating tools and building automation with Python, Bash, etc. Preferred Certifications - Splunk Core Certified Power User - Splunk Certified Admin / Architect - Splunk Enterprise Security Certified Admin (preferred) - CompTIA Security+, GCIA, or CISSP Why Gruve At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you're passionate about technology and eager to make an impact, we'd love to hear from you. Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.