Lennox (NYSE: LII) Driven by 130 years of legacy, HVAC and refrigeration success, Lennox provides our residential and commercial customers with industry-leading climate-control solutions. At Lennox, we win as a team, aiming for excellence and delivering innovative, sustainable products and services. Our culture guides us and creates a workplace where all employees feel heard and welcomed. Lennox is a global community that values each team member’s contributions and offers a supportive environment for career development. Come, stay, and grow with us.

We are seeking a skilled and detail-oriented Splunk SIEM Policy Administrator to manage and maintain security policies, configurations, and operational integrity within our Splunk SIEM environment. The ideal candidate will have a strong background in security operations, log management, and policy enforcement, ensuring that our SIEM platform supports effective threat detection, incident response, and compliance requirements

• Utilize Splunk SIEM and CrowdStrike EDR tools to monitor, detect, and respond to security incidents. 

• Develop and execute security monitoring strategies and initiatives, working closely with the SOC management team to align efforts with organizational goals. 

• Administer and maintain Splunk SIEM policies, configurations, and access controls. 

• Develop, implement, and manage correlation rules, alerts, and dashboards to support threat detection and response. 

• Collaborate with SOC analysts, incident responders, and IT teams to fine-tune SIEM use cases and improve detection capabilities. 

• Ensure compliance with internal security standards and external regulatory requirements (e.g., ISO 27001, GDPR, HIPAA). 

• Monitor and optimize data ingestion pipelines, ensuring relevant logs are collected and parsed correctly. 

• Perform regular audits of SIEM configurations, user roles, and data sources. 

• Document policy changes, configurations, and procedures for operational transparency and continuity. 

• Support onboarding of new data sources and integration with other security tools (e.g., EDR, vulnerability scanners). 

• Assist in troubleshooting and resolving issues related to SIEM performance, data gaps, or false positives. 

• Stay updated with the latest security threats, Splunk features, and best practices. 

• Create and maintain standard operating procedures (SOPs) to ensure consistent and effective security operations. 

• Lead the preparation and delivery of weekly presentations to provide executive-level insights into SOC operations, including key metrics, trends, and emerging threats. 

• Take ownership of false positive report preparations, ensuring accurate identification and documentation of false positives to improve detection and response capabilities. 

• Collaborate with the Security Specialist team on high-priority security incidents, providing expertise and assistance as needed to facilitate incident resolution. 

• Flexible to Provide support to 24/7 L1 Monitoring shift members. 

• Bachelor’s degree in computer science, Information Security, or related field. 

• 4+ years of experience in SIEM administration, preferably with Splunk. 

• Strong understanding of security operations, log analysis, and incident response. 

• Experience with Splunk SPL (Search Processing Language) and dashboard creation. 

• Familiarity with enterprise security policies, compliance frameworks, and risk management. 

• Correlation Usecase implementation. 

• Creation of Interactive dashboard. 

• Knowledge of networking protocols, operating systems, and common attack vectors. 

• Incident Response & Triaging the true positive events. 

• Excellent analytical, problem-solving, and communication skills. 

• Excellent communication and presentation skills. 

• Commitment to continuous learning and professional development. 

• Flexibility to work shifts from 1 PM to 10 PM and 3 PM to 12 AM.