TC-CS-Cyber Detection And Response - Splunk-OT - Manager

Trivandrum, KL, IN, 695581

EY

We offer services that help solve our clients' most difficult challenges


At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all. 

Job Summary

We are seeking an experienced Splunk Implementation Manager with a strong background in Operational Technology (OT) cybersecurity to join our team. The ideal candidate will have hands-on experience implementing Splunk for OT networks, integrating OT devices, and working with OT security solutions such as Claroty or Nozomi. This role will require deep knowledge of ICS/SCADA environments, network protocols, and best practices in monitoring and securing critical infrastructure. You will also collaborate closely with SOC teams, project managers, and client stakeholders to deliver secure, scalable, and optimized Splunk solutions.

Key Responsibilities

  • Splunk Implementation & Configuration
    • Lead the design, implementation, and management of Splunk solutions (On-prem and Cloud) with a focus on OT environment use cases.
    • Configure indexers, forwarders, search heads, and data ingestion strategies to ensure optimal performance and availability.
    • Implement and manage Splunk Enterprise Security (ES) App to support threat detection and incident response in OT environments.
  • OT Network Integration
    • Work with industrial control system (ICS)/SCADA networks to integrate logs and telemetry data from OT devices.
    • Collaborate with OT and engineering teams to understand unique system architectures and data flows.
    • Develop and implement use cases specific to OT security, such as anomaly detection on PLCs, DCS, and other field devices.
    • Integrate and optimize Splunk with Claroty, Nozomi, or similar OT security platforms to enhance visibility and threat detection.
    • Ensure robust monitoring of ICS protocols and assets, aligning with industry standards (e.g., IEC 62443, NIST SP 800-82).
    • Stay updated on emerging threats and vulnerabilities specific to OT/ICS environments.
  • Cybersecurity & Threat Detection
    • Collaborate with SOC teams to configure correlation searches, alerts, and dashboards for proactive threat detection in OT networks.
    • Apply knowledge of SOAR, XDR and EDR technologies where applicable.
    • Support incident response efforts by providing technical expertise on OT network investigations and forensics.
  • Project Management & Client Engagement
    • Lead end-to-end Splunk implementation projects, including scoping, resource planning, and timeline management.
    • Engage with clients to understand business and technical requirements, translating them into Splunk and OT security solutions.
    • Prepare and respond to RFPs, including solution design, project planning, and proof-of-concept demonstrations.
    • Deliver progress updates and manage client expectations through regular meetings and written communications.
  • Team Leadership & Training
    • Mentor and guide junior engineers, ensuring the adoption of Splunk best practices and OT cybersecurity standards.
    • Conduct training sessions for client teams and internal stakeholders to promote effective use of Splunk in OT contexts.
    • Foster a culture of continuous improvement and innovation within the team.

Mandatory Skills & Qualifications

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 8+ years of experience in cybersecurity with a demonstrated focus on OT/ICS networks and Splunk implementations.
  • Proven expertise in Splunk Enterprise Security (ES), including architecture, deployment, and optimization.
  • Hands-on experience with OT security solutions (Claroty, Nozomi, or similar) and deep knowledge of industrial protocols (e.g., Modbus, DNP3, OPC).
  • Solid understanding of ICS/SCADA environments and best practices for securing OT networks.
  • Strong knowledge of SOAR, EDR, and related cybersecurity technologies.
  • Experience integrating Splunk with cloud environments (AWS, GCP, Azure) for log ingestion and monitoring.
  • Excellent project management skills, with the ability to manage multiple projects and teams effectively.
  • Strong communication and interpersonal skills for client-facing engagements and internal stakeholder management.
  • Experience preparing and responding to RFPs, including technical solution design and project scoping.
  • Splunk certifications (e.g., Splunk Certified Architect, Splunk Certified Consultant).

Preferred Qualifications

  • Master’s degree in Cybersecurity, Information Technology, or a related field.
  • Additional cybersecurity certifications (e.g., CISSP, GICSP, CISM, CRISC).
  • Knowledge of Python, PowerShell, or other scripting languages for automation and integration tasks.
  • Familiarity with compliance standards and regulations relevant to OT environments (e.g., NERC CIP, IEC 62443).
  • Experience with other SIEM solutions and cybersecurity tools.


EY | Building a better working world

EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.

Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.

Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
