Splunk Certified Implementation Engineer

Taozeef


Job Location:

Muscat - Oman

Monthly Salary: Not Disclosed
Posted on: 4 hours ago
Vacancies: 1 Vacancy

Job Summary

Position Overview:

Our client is seeking a highly motivated and experienced Splunk Certified Implementation Engineer to join their team. A Splunk implementation engineer sets up, configures, and integrates Splunk software so organizations can collect, monitor, and analyze their machine and security data effectively.

Key responsibilities:

Splunk Architecture & Implementation

  • End-to-end Splunk deployments from environment scoping and architecture blueprinting through production cutover
  • Implement, install, and configure Splunk components.
  • Implement federated search and analytics pipelines enabling data-in-place querying.
  • Build and tune data onboarding pipelines: configure and to normalize multi-vendor log sources at ingestion time into Splunk CIM-compliant data models.
  • Develop and optimize SPL queries, macros, and scheduled searches to power operational detection use cases.

Cisco Data Fabric & Security Stack Integration

  • Implement Splunk data ingestion pipelines from the Cisco security product suite: Cisco Secure Firewall (ASA/FTD), Cisco Secure IDS/IPS, Cisco Identity Services Engine (ISE), Cisco Umbrella, and Cisco ThousandEyes network intelligence telemetry.
  • Configure and validate Cisco Secure Endpoint and Cisco Threat Grid integration with Splunk ES for advanced malware telemetry correlation.
  • Cisco Meraki, Cisco Secure Network Analytics, Cisco XDR.

Operations & Day-to-Day Platform Management

  • Perform platform health and operational stability.
  • Perform capacity planning, index lifecycle management, and Machine Data Lake tiering strategy to control costs without compromising retention SLAs.
  • Execute Splunk version upgrades, patch deployments, and configuration management across all tiers using structured change management processes.

Broader Security Platform Responsibilities

  • Manage and optimize next-generation security controls: Cisco Secure Firewall, Palo Alto Networks NGFWs, Fortinet FortiGate, VPN concentrators, Email/Web Security Gateways, and EDR/XDR platforms.
  • Support Privileged Access Management (PAM) solutions and Database Activity Monitoring (DAM) platforms such as IBM Guardium as part of a holistic defense-in-depth security architecture.
  • Lead client-facing implementation workshops, present technical architectures and security findings to both engineering and executive stakeholders, and deliver structured knowledge transfer sessions to upskill client security teams.
  • Maintain accurate project documentation: HLD/LLD design artifacts, runbooks, architecture diagrams, and post-implementation reports.

Technical requirements:

Splunk Platform Expertise

  • 5 years of hands-on Splunk implementation experience in enterprise environments including distributed multi-site deployments.
  • Proven ability to architect and deploy distributed Splunk infrastructures: Indexer Clusters, Search Head Clusters, Heavy Forwarder pools, Deployment Server hierarchies, and Machine Data Lake tiers.
  • Deep familiarity with Splunk Enterprise Security (ES): correlation searches, threat intelligence management, adaptive response, Risk-Based Alerting (RBA), and risk scoring frameworks.
  • Working knowledge of Cisco Data Fabric architecture: federated search capabilities, data-in-place analytics, and the evolution from full-ingestion to hybrid/federated SIEM pipeline patterns.
  • Familiarity with Splunk AI Toolkit, AI-assisted investigation workflows, and SOAR playbook development using Splunk SOAR is strongly advantageous.

Cisco & Network Security (Required)

  • Hands-on experience integrating Cisco security products with Splunk: Secure Firewall (ASA/FTD), Secure IDS/IPS, ISE, Secure Endpoint, Umbrella, ThousandEyes, and Secure Network Analytics.
  • Strong understanding of Cisco security event logging formats (syslog, eStreamer, REST/API telemetry) and their normalization into Splunk CIM data models.
  • Working knowledge of network security fundamentals: firewall policy management, IDS/IPS tuning, and VPN configuration.
  • Experience with additional NGFW platforms including Palo Alto Networks and Fortinet is advantageous.

Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent demonstrable experience.
  • Minimum 5 years of technical experience in cybersecurity implementation and professional services delivery.
  • Strong client-facing skills: ability to present complex security architectures to both engineering and executive audiences.
  • Excellent written and verbal communication skills in English; Arabic proficiency is advantageous for client engagements in Oman.

Certifications:

Splunk Cybersecurity Defense Track: Security Operations Focus

  • Splunk Certified Cybersecurity Defense Analyst
  • Splunk Certified Cybersecurity Defense Engineer
  • Splunk Certified Cybersecurity Defense Architect

Splunk Platform Administration Track: Infrastructure / Deployment Focus

  • Splunk Enterprise Certified Admin
  • Splunk Enterprise Security Certified Admin
  • Splunk Enterprise Certified Architect
  • Splunk SOAR Certified Automation Developer

Cisco Security Certifications

  • Cisco Certified (CCIE Security)
  • Cisco Certified (CCNP Security)

Broader Security Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • GIAC Security Operations Certified (GSOC)