Job Summary:
We are seeking a skilled Splunk Implementer to deploy, configure, and optimize Splunk solutions for our organization. The ideal candidate will have experience in implementing Splunk across various environments, developing use cases, creating dashboards, and integrating data sources for effective log analysis and monitoring.
Key Responsibilities:
- Deploy and configure Splunk Enterprise/Splunk Cloud in distributed environments.
- Design and implement Splunk architecture, including indexers, forwarders, and search heads.
- Onboard data sources and create effective data ingestion pipelines.
- Develop Splunk queries, reports, dashboards, alerts, and custom visualizations.
- Optimize Splunk performance, including index management, data retention policies, and search performance tuning.
- Work with security and IT teams to integrate Splunk with other security tools such as SIEM, firewalls, and threat intelligence platforms.
- Develop and implement log parsing, field extractions, and custom search-time transformations.
- Create and maintain Splunk knowledge objects like lookup tables, event types, workflow actions, and macros.
- Troubleshoot and resolve Splunk-related issues, ensuring system stability and performance.
- Provide documentation, training, and support for Splunk users across different teams.
- Stay updated on Splunk best practices, add-ons, and new feature releases.
Qualifications & Experience:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred).
- 1 years of experience in Splunk implementation, administration, and optimization.
- Strong expertise in Splunk SPL (Search Processing Language).
- Experience with log collection, parsing, and normalization from various sources.
- Knowledge of security frameworks and monitoring tools (SIEM, IDS/IPS, firewalls, etc.).
- Familiarity with scripting languages like Python, Shell, or PowerShell for automation.
- Experience with data onboarding via Universal Forwarders, Heavy Forwarders, Syslog, APIs, or DB Connect.
- Hands-on experience with Splunk Enterprise Security (ES) or IT Service Intelligence (ITSI) is a plus.
- Splunk certification (e.g., Splunk Certified Administrator, Splunk Certified Architect) is preferred.
Soft Skills:
- Strong analytical and problem-solving skills.
- Ability to work independently and in a team-oriented environment.
- Excellent communication and documentation skills.