About Cognizant Corporate

Cognizant Corporate is a global community united by a shared purpose: to make a meaningful impact. We are committed to excellence and driven by outcomes that matter. Collaboration is at the heart of how we work, and our forward-thinking mindset fuels continuous learning, innovation, and growth.

At Cognizant, careers transcend titles. We empower our people to think strategically, inspire others, and lead with purpose – always guided by our core values. Join us in shaping future of business.

About the role

As a SIEM Platform Engineer, you will drive impactful contributions and focus on outcomes. You will be a key member of the Cyber Security team, collaborating with Dinesh Padmanabhan. As a member of Corporate Security’s (CS) Global Cyber Operations (GCO) team, SIEM Platform Engineer is responsible for the full lifecycle management of the organization's SIEM infrastructure across on-premises and cloud environments. This includes the engineering, administration, and continuous improvement of both Splunk Enterprise (on-prem) and Cortex XSIAM (cloud/SaaS) platforms.

The role ensures platform stability, scalability, integration, and performance while enabling detection teams, security analysts, and incident responders to operate effectively.

Successful candidates must be inquisitive, detail-oriented, and have strong problem-solving skills to quickly address anomalies. Ideally the candidates for this role thrive in diverse and fast-paced environments. As a team of self-starters, you can work with impact with our vibrant people and culture all while enjoying unmatched learning opportunities.

In this role, you will:

1. Administer, maintain, and optimize the on-premises Splunk Enterprise infrastructure, including indexers, search heads, forwarders, and deployment servers.

2. Manage the SaaS-based Cortex XSIAM platform, ensuring tenant configuration, integrations, and performance are aligned to organizational needs.

3. Configure and manage data ingestion pipelines including parsing, field extraction, source types, and event normalization.

4. Troubleshoot ingestion failures, indexing delays, or dashboard/reporting issues across both Splunk and Cortex platforms.

5. Implement role-based access control (RBAC), app permissions, and search optimization policies.

6. Monitor platform resource usage and ensure scaling, license usage, and hardware capacity are proactively managed.

7. Plan and execute upgrades, patching cycles, architecture reviews, and platform migrations or expansions.

8. Support detection engineers and threat hunters with SPL/KQL query optimization and data availability.

9. Integrate log sources from cloud services, infrastructure systems, endpoint agents, and custom applications.

10. Create and maintain technical documentation including ingestion specs, dashboards, and platform configuration guides.

11. Support audit and compliance initiatives by enabling long-term data retention, encryption, and access control monitoring.

12. Participate in on-call rotation for critical platform incidents affecting security operations

What you must have to be considered

· Bachelor’s degree in computer science, Information Security, or a related technical field.

· 5+ years of experience managing SIEM platforms, with specific expertise in Splunk Enterprise and/or Cortex XSIAM.

· Strong understanding of distributed architecture design, log ingestion pipelines, and SPL (Search Processing Language).

· Experience with Linux system administration, scripting (Python, Shell), and automation tools.

· Familiarity with RBAC, certificate management, and platform monitoring tools (e.g., Cribl, Splunk ITSI, App for Infrastructure).

· Hands-on experience with onboarding logs from firewalls, proxies, cloud workloads (AWS, Azure, GCP), and identity providers.

· Certifications preferred: Splunk Certified Admin/Architect, Palo Alto Cortex XSIAM Specialist, RHCSA, or relevant cloud platform certifications

• A strong sense of ownership, desire to create meaningful outcomes, and passion for work that serves a greater good for customers, communities, or global challenges.
• The embodiment of Cognizant’s Values of: Work as One, Dare to Innovate, Raise the Bar, Do The right Thing, & Own It

Work model – Expected to be in cognizant office on all business days

The working arrangements for this role are accurate as of the date of posting. This may change based on the project you’re engaged in, as well as business and client requirements. Rest assured; we will always be clear about role expectations.

We're excited to meet people who share our mission and can make an impact in a variety of ways. Don't hesitate to apply, even if you only meet the minimum requirements listed. Think about your transferable experiences and unique skills that make you stand out as someone who can bring new and exciting things to this role.

The Cognizant community:
We are a high caliber team who appreciate and support one another. Our people uphold an energetic, collaborative and inclusive workplace where everyone can thrive.

• Cognizant is a global community with more than 300,000 associates around the world.
• We don’t just dream of a better way – we make it happen.
• We take care of our people, clients, company, communities and climate by doing what’s right.
• We foster an innovative environment where you can build the career path that’s right for you.

About us:
Cognizant is one of the world's leading professional services companies, transforming clients' business, operating, and technology models for the digital era. Our unique industry-based, consultative approach helps clients envision, build, and run more innovative and efficient businesses. Headquartered in the U.S., Cognizant (a member of the NASDAQ-100 and one of Forbes World’s Best Employers 2025) is consistently listed among the most admired companies in the world. Learn how Cognizant helps clients lead with digital at www.cognizant.com

Cognizant is an equal opportunity employer. Your application and candidacy will not be considered based on race, color, sex, religion, creed, sexual orientation, gender identity, national origin, disability, genetic information, pregnancy, veteran status or any other characteristic protected by federal, state or local laws.

Disclaimer: 
Compensation information is accurate as of the date of this posting. Cognizant reserves the right to modify this information at any time, subject to applicable law.

Applicants may be required to attend interviews in person or by video conference. In addition, candidates may be required to present their current state or government issued ID during each interview.