EY TC-CS-Cyber Detection Response - Splunk-OT Manager 

India, Kerala, Thiruvananthapuram 

47611644

Key Responsibilities

• Splunk Implementation & Configuration
  • Lead the design, implementation, and management of Splunk solutions (On-prem and Cloud) with a focus on OT environment use cases.
  • Configure indexers, forwarders, search heads, and data ingestion strategies to ensure optimal performance and availability.
  • Implement and manage Splunk Enterprise Security (ES) App to support threat detection and incident response in OT environments.
• OT Network Integration
  • Work with industrial control system (ICS)/SCADA networks to integrate logs and telemetry data from OT devices.
  • Collaborate with OT and engineering teams to understand unique system architectures and data flows.
  • Develop and implement use cases specific to OT security , such as anomaly detection on PLCs, DCS, and other field devices.
  • Integrate and optimize Splunk with Claroty, Nozomi , or similar OT security platforms to enhance visibility and threat detection.
  • Ensure robust monitoring of ICS protocols and assets, aligning with industry standards (e.g., IEC 62443, NIST SP 800-82).
  • Stay updated on emerging threats and vulnerabilities specific to OT/ICS environments.
• Cybersecurity & Threat Detection
  • Collaborate with SOC teams to configure correlation searches, alerts, and dashboards for proactive threat detection in OT networks.
  • Knowledge in SOAR, XDR and EDR where applicable.
  • Support incident response efforts by providing technical expertise on OT network investigations and forensics.
• Project Management & Client Engagement
  • Lead end-to-end Splunk implementation projects, including scoping, resource planning, and timeline management.
  • Engage with clients to understand business and technical requirements, translating them into Splunk and OT security solutions.
  • Prepare and respond to RFPs, including solution design, project planning, and proof-of-concept demonstrations.
  • Deliver progress updates and manage client expectations through regular meetings and written communications.
• Team Leadership & Training
  • Mentor and guide junior engineers, ensuring the adoption of Splunk best practices and OT cybersecurity standards.
  • Conduct training sessions for client teams and internal stakeholders to promote effective use of Splunk in OT contexts.
  • Foster a culture of continuous improvement and innovation within the team.

Mandatory Skills & Qualifications

• Bachelor’s degree in computer science , Information Technology, Cybersecurity, or a related field.
• 8+ years of experience in cybersecurity with a demonstrated focus on OT/ICS networks and Splunk implementations.
• Proven expertise in Splunk Enterprise Security (ES) , including architecture, deployment, and optimization.
• Hands-on experience with OT security solutions (Claroty, Nozomi, or similar) and deep knowledge of industrial protocols (e.g., Modbus, DNP3, OPC, etc.).
• Solid understanding of ICS/SCADA environments and best practices for securing OT networks.
• Strong knowledge of SOAR , EDR , and related cybersecurity technologies.
• Experience integrating Splunk with cloud environments (AWS, GCP, Azure) for log ingestion and monitoring.
• Excellent project management skills, with the ability to manage multiple projects and teams effectively.
• Strong communication and interpersonal skills for client-facing engagements and internal stakeholder management.
• Experience preparing and responding to RFPs , including technical solution design and project scoping.
• Splunk certifications (e.g., Splunk Certified Architect, Splunk Certified Consultant).

Preferred Qualifications

• Master’s degree in Cybersecurity, Information Technology, or a related field.
• Additional cybersecurity certifications (e.g., CISSP, GICSP, CISM, CRISC).
• Knowledge of Python , PowerShell , or other scripting languages for automation and integration tasks.
• Familiarity with compliance standards and regulations relevant to OT environments (e.g., NERC CIP, IEC 62443).
• Experience with other SIEM solutions and cybersecurity tools.

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.