Job Description

Job Category: Technology
:
RESPONSIBILITIES:
Splunk Infrastructure & Administration

• Design, deploy, and maintain enterprise solutions and components for Splunk Cloud and on premises environments including Search Heads, Indexers, Forwarders and Deployment Servers
• Manage Splunk high availability configurations
• Deploy, configure, and maintain Splunk Connect for Syslog (SC4S)
• Perform capacity planning, performance tuning, and resource optimization
• Implement and maintain data retention policies and index management strategies
• Oversee Splunk upgrades, patches, and maintenance activities

Data Integration & Management

• Configure and manage universal forwarders, heavy forwarders, and data inputs from diverse sources
• Develop and maintain data parsing, field extractions, and data models
• Create and optimize indexes, source types, and data routing configurations
• Implement data quality controls and validation processes
• Design efficient search strategies and query optimization

Development & Automation

• Develop custom Splunk applications, dashboards, and visualizations
• Create and maintain complex SPL (Search Processing Language) queries and reports
• Build automated monitoring solutions and alerting mechanisms
• Develop Python scripts and REST API integrations for Splunk automation
• Implement Infrastructure as Code (IaC) practices for Splunk deployments

Security & Compliance

• Design and implement security information and event management (SIEM) solutions
• Develop security monitoring use cases and threat detection scenarios
• Create compliance reporting and audit trail mechanisms
• Implement role-based access controls and data classification policies
• Support incident response and forensic investigations

Collaboration & Leadership

• Mentor team members and provide technical guidance
• Collaborate with cross-functional teams
• Lead technical architecture reviews and design sessions
• Participate in on-call rotation and provide escalation support
• Document processes, procedures, and best practices

EDUCATIONAL REQUIREMENTS:
Bachelor's degree in computer science, Information Systems, or equivalent combination of education and experience
Relevant Security Certifications
EXPERIENCE REQUIRED:
A minimum of 10 years of experience.
QUALIFICATIONS, KNOWLEDGE, SKILLS & ABILITIES:

• 7+ years of hands-on Splunk experience including administration and development
• Splunk certifications required: Splunk Core Certified Admin, Splunk Core Certified Power User, Splunk Cloud Certified Admin
• Preferred certifications: Splunk Enterprise Security Certified Admin, Splunk IT Service Intelligence
• Proficiency in SPL (Search Processing Language) and advanced search techniques
• Experience with Splunk Enterprise Security (ES), IT Service Intelligence (ITSI), or other Splunk premium applications
• Strong knowledge of Linux/Unix systems administration
• Scripting experience in Python, Shell, PowerShell, or similar languages

Understanding of networking protocols, log formats, and data sources (syslog, JSON, XML, etc.)
Infrastructure & Tools * Experience with virtualization platforms (VMware, Hyper-V) and cloud environments (AWS, Azure, GCP)

• Knowledge of configuration management tools (Terraform, Ansible, Puppet, Chef)
• Familiarity with containerization technologies (Docker, Kubernetes)
• Experience with load balancers, firewalls, and network security devices

Understanding of database systems and SQL
Security & Compliance * Knowledge of security frameworks (NIST, ISO 27001, PCI-DSS, SOX)

• Experience with threat hunting and incident response procedures
• Understanding of common attack vectors and security monitoring best practices

Familiarity with compliance reporting requirements
Preferred Qualifications

• Bachelor's degree in Computer Science, Information Technology, or related field
• Experience with additional SIEM platforms
• Knowledge of machine learning and statistical analysis techniques
• Experience with DevOps practices and CI/CD pipelines

Industry certifications such as CISSP, GCIH, or equivalent
Technical Environment * Multi-terabyte daily data ingestion

• High-availability clustered deployments
• Integration with enterprise security tools and business applications
• Hybrid cloud and on-premises infrastructure

General skills include:
Strong critical thinking and analytical skills
Ability to approach problem solving in a constructive and collaborative way that does not require absolute security. * The ability to communicate complicated technical issues and risks to programmers, network engineers and managers.

• Strong leadership, project, and team-building skills

Exceptional communication skills with diverse audiences; the ability to be an infrastructure security subject matter expert who can explain relevant topics to general audiences

Skills Required