• Build, tune, and maintain detection rules and alerts in Splunk to identify security threats, suspicious activity, and policy violations • Reduce alert fatigue by continuously improving detection logic to minimize false positives while maintaining coverage • Monitor and develop detections for cloud security events across AWS and GCP using our CSPM tooling (Prisma Cloud) • Collaborate with the Security team to develop detection strategies based on threat intelligence and the MITRE ATT&CK framework • Investigate alerts and escalate confirmed incidents according to our incident response procedures • Set up and configure automation scripts and tooling for alert triage, ticket creation, and incident workflows • Create dashboards and reports to provide visibility into security posture and detection effectiveness • Document detection logic, runbooks, and response procedures • Support EDR (CrowdStrike) monitoring and investigate endpoint-related alerts • Identify opportunities to use Splunk for operational and product monitoring beyond pure security use cases