Roles & Responsibilities

• Design and optimize Splunk implementations for large-scale, distributed deployments.
• Develop and deploy Splunk Premium and custom apps, ensuring best practices for implementation.
• Manage data onboarding and configuration for security platforms.
• Create and manage Splunk dashboards, reports, and search alerts.
• Work with Splunk on feature requests, upgrades, and roadmap alignment.
• Propose and implement innovative security and compliance use cases.
• Conduct data interpretation, classification, and enrichment.
• Manage and configure knowledge objects (fields, extractions, tags, lookups, macros).
• Implement summary-based reports and accelerate data models.
• Provide functional backup for system tools/utilities and contribute to cross-functional teams.
• Work in an Agile environment, meeting aggressive delivery timelines.

Technical Skills

• Extensive experience with Splunk Enterprise Security administration and deployment.
• Expertise in Splunk Cloud Administration, Single Site/Multi-Site distributed deployments.
• Strong knowledge of Splunk SPL language for cybersecurity correlation rule creation.
• Experience with Splunk Data Model (CIM), field extractions, regular expressions, and knowledge objects development.
• Proficiency in data onboarding for security devices, OS platforms, and application logs.
• Management of Splunk HF/UF, HEC, and TA-addons installation and configuration.
• Experience in Splunk DB Connect and troubleshooting.
• Strong understanding of the MITRE framework and threat modeling.

Preferred Qualifications

• Splunk Admin or Architect Certification preferred.
• Proficiency in scripting languages like Python, PowerShell, or JavaScript for automation.
• Strong analytical, problem-solving, and troubleshooting abilities.
• Familiarity with DevOps principles and continuous delivery pipelines.
• Experience with security event analysis and threat detection.
• Excellent time management, organizational, and project management skills.

Posted By