
EY TC-CS-Cyber Detection Response - Splunk-OT Manager 
India, Kerala, Thiruvananthapuram 
47611644

01.04.2025

Key Responsibilities

  • Splunk Implementation & Configuration
    • Lead the design, implementation, and management of Splunk solutions (On-prem and Cloud) with a focus on OT environment use cases.
    • Configure indexers, forwarders, search heads, and data ingestion strategies to ensure optimal performance and availability.
    • Implement and manage Splunk Enterprise Security (ES) App to support threat detection and incident response in OT environments.
  • OT Network Integration
    • Work with industrial control system (ICS)/SCADA networks to integrate logs and telemetry data from OT devices.
    • Collaborate with OT and engineering teams to understand unique system architectures and data flows.
    • Develop and implement use cases specific to OT security, such as anomaly detection on PLCs, DCS, and other field devices.
    • Integrate and optimize Splunk with Claroty, Nozomi, or similar OT security platforms to enhance visibility and threat detection.
    • Ensure robust monitoring of ICS protocols and assets, aligning with industry standards (e.g., IEC 62443, NIST SP 800-82).
    • Stay updated on emerging threats and vulnerabilities specific to OT/ICS environments.
  • Cybersecurity & Threat Detection
    • Collaborate with SOC teams to configure correlation searches, alerts, and dashboards for proactive threat detection in OT networks.
    • Apply knowledge of SOAR, XDR, and EDR where applicable.
    • Support incident response efforts by providing technical expertise on OT network investigations and forensics.
  • Project Management & Client Engagement
    • Lead end-to-end Splunk implementation projects, including scoping, resource planning, and timeline management.
    • Engage with clients to understand business and technical requirements, translating them into Splunk and OT security solutions.
    • Prepare and respond to RFPs, including solution design, project planning, and proof-of-concept demonstrations.
    • Deliver progress updates and manage client expectations through regular meetings and written communications.
  • Team Leadership & Training
    • Mentor and guide junior engineers, ensuring the adoption of Splunk best practices and OT cybersecurity standards.
    • Conduct training sessions for client teams and internal stakeholders to promote effective use of Splunk in OT contexts.
    • Foster a culture of continuous improvement and innovation within the team.

Mandatory Skills & Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 8+ years of experience in cybersecurity with a demonstrated focus on OT/ICS networks and Splunk implementations.
  • Proven expertise in Splunk Enterprise Security (ES), including architecture, deployment, and optimization.
  • Hands-on experience with OT security solutions (Claroty, Nozomi, or similar) and deep knowledge of industrial protocols (e.g., Modbus, DNP3, OPC, etc.).
  • Solid understanding of ICS/SCADA environments and best practices for securing OT networks.
  • Strong knowledge of SOAR, EDR, and related cybersecurity technologies.
  • Experience integrating Splunk with cloud environments (AWS, GCP, Azure) for log ingestion and monitoring.
  • Excellent project management skills, with the ability to manage multiple projects and teams effectively.
  • Strong communication and interpersonal skills for client-facing engagements and internal stakeholder management.
  • Experience preparing and responding to RFPs, including technical solution design and project scoping.
  • Splunk certifications (e.g., Splunk Certified Architect, Splunk Certified Consultant).

Preferred Qualifications

  • Master’s degree in Cybersecurity, Information Technology, or a related field.
  • Additional cybersecurity certifications (e.g., CISSP, GICSP, CISM, CRISC).
  • Knowledge of Python, PowerShell, or other scripting languages for automation and integration tasks.
  • Familiarity with compliance standards and regulations relevant to OT environments (e.g., NERC CIP, IEC 62443).
  • Experience with other SIEM solutions and cybersecurity tools.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.