Splunk Developer

Job Description

Splunk Developer Technical Lead (ITSI)

Location: 2 days at Edinburgh

Role Summary

We are seeking an experienced Splunk Developer Technical Lead with strong handson expertise in Splunk Enterprise IT Service Intelligence (ITSI) and Observability. The role requires deep technical knowledge combined with design leadership stakeholder engagement and production responsibility across complex enterprise platforms.

The candidate will lead Splunk solution design mentor junior developers and work closely with operations SRE and application teams to deliver scalable monitoring service health and analytics solutions.

Key Responsibilities

Technical Leadership

• Act as Technical Lead for Splunk implementations across monitoring observability and service intelligence use cases.
  
• Own endtoend Splunk solution design including data onboarding data models dashboards alerts and ITSI objects.
  
• Review and govern Splunk development standards SPL performance and configuration best practices.
  
• Provide technical guidance mentoring and code reviews for Splunk developers and support teams.
  

Splunk Core & ITSI

• Design and implement Splunk ITSI components including:
  
• Services & service hierarchies
  
• KPIs & thresholds
  
• Glass Tables
  
• Episode review and correlation search tuning
  
• Build servicecentric monitoring aligned to business and application landscapes.
  
• Configure entity extraction service templates and adaptive thresholds.
  

Data Onboarding & Engineering

• Lead onboarding of diverse data sources:
  
• Application logs infrastructure metrics APM data cloud logs and security events
  
• Design and optimise:
  
• Indexing strategy
  
• Source types and field extractions
  
• Data models and CIM compliance
  
• Ensure SPL queries and dashboards are performant and scalable.
  

Dashboards Alerts & Analytics

• Develop advanced dashboards using:
  
• Splunk Dashboard Studio / Classic dashboards
  
• Design meaningful alerts using:
  
• Correlation searches
  
• Riskbased alerting principles
  
• Translate operational and business requirements into actionable insights.
  

Observability & Production Support

• Integrate Splunk with enterprise observability tools (APM infrastructure monitoring cloud platforms).
  
• Support production incidents using Splunk driving rootcause analysis and postincident reviews.
  
• Improve alert quality by reducing noise and false positives.
  

Stakeholder & Delivery Engagement

• Collaborate with:
  
• SRE / Ops teams
  
• Application & platform teams
  
• Service Management & ITIL functions
  
• Translate monitoring requirements into scalable technical solutions.
  
• Participate in architecture discussions audits and compliance reviews.
  

Required Skills & Experience

Splunk Expertise

• Strong handson experience with Splunk Enterprise
  
• Proven experience with Splunk ITSI (mandatory):
  
• KPI design and service modelling
  
• Glass Tables
  
• Episode review & RCA workflows
  

Technical Skills

• Excellent command of SPL (Search Processing Language)