We are looking for a highly skilled Splunk Engineer to design, implement, administer, and optimize enterprise Splunk environments. The ideal candidate will have hands-on experience with Splunk Enterprise, Splunk Enterprise Security (ES), log management, SIEM, security monitoring, and automation. The role involves building scalable logging solutions, developing detection use cases, and supporting Security Operations Center (SOC) initiatives.
Key Responsibilities
Design, deploy, configure, and administer Splunk Enterprise and Splunk Enterprise Security (ES).
Install and maintain Splunk components, including Indexers, Search Heads, Forwarders, Deployment Servers, and Cluster Managers.
Develop and optimize Splunk dashboards, reports, alerts, and visualizations.
Create and maintain SPL (Search Processing Language) queries, correlation searches, and detection rules.
Integrate log sources from Windows, Linux, cloud platforms, firewalls, databases, applications, and network devices.
Configure and manage data ingestion, parsing, indexing, retention, and storage optimization.
Monitor the health, performance, and scalability of Splunk infrastructure.
Support security monitoring, threat detection, incident investigation, and forensic analysis.
Integrate Splunk with SOAR platforms, threat intelligence feeds, and third-party security tools.
Collaborate with SOC analysts, security engineers, and infrastructure teams to enhance detection capabilities.
Troubleshoot ingestion issues, performance bottlenecks, and platform-related problems.
Perform upgrades, patching, backup, disaster recovery, and capacity planning.
Create technical documentation, operational runbooks, and knowledge base articles.
Technical Skills
Mandatory Skills
Splunk Enterprise
Splunk Enterprise Security (ES)
Splunk Search Processing Language (SPL)
SIEM Administration
Log Management
Security Monitoring
Correlation Searches
Dashboards & Reporting
Universal Forwarders
Heavy Forwarders
Indexers & Search Heads
Deployment Server
Cluster Management
Windows Server Administration
Linux Administration
Syslog
REST APIs
PowerShell
Python
TCP/IP Networking
Good to Have
Splunk SOAR (Phantom)
Splunk ITSI
Splunk UBA (User Behavior Analytics)
Microsoft Sentinel
Microsoft Defender XDR
CrowdStrike Falcon
Palo Alto Networks
QRadar
ArcSight
Elastic Stack (ELK)
AWS CloudWatch
Azure Monitor
Kubernetes
Docker
ServiceNow Integration
MITRE ATT&CK Framework
Required Qualifications
Bachelor's degree in Computer Science, Information Technology, Cybersecurity, Engineering, or a related field.
4–8 years of experience in Splunk Administration, SIEM Engineering, or Security Operations.
Strong hands-on experience with Splunk Enterprise and Splunk Enterprise Security (ES).
Experience onboarding diverse log sources and developing correlation rules.
Strong understanding of SIEM architecture, security monitoring, and incident response.
Knowledge of Windows, Linux, networking, cloud platforms, and cybersecurity fundamentals.
Experience with scripting (PowerShell or Python) for automation.
Excellent analytical, troubleshooting, and problem-solving skills.
Strong communication and documentation skills.
Preferred Certifications
Splunk Core Certified Power User
Splunk Enterprise Certified Admin
Splunk Enterprise Certified Architect
Splunk Certified Cybersecurity Defense Analyst
Microsoft Certified: Security Operations Analyst Associate (SC-200)
Microsoft Certified: Azure Security Engineer Associate (AZ-500)
CompTIA CySA+
Certified Information Systems Security Professional (CISSP) (Preferred)