Senior Splunk Admin

Overview

Key Responsibilities

• Architect, deploy, and optimize end-to-end Splunk solutions covering data ingestion, parsing, indexing, and search performance.
• Build and maintain advanced correlation rules, alerts, dashboards, and visualizations to enable effective security monitoring and incident response.
• Onboard and normalize log sources across infrastructure, security, applications, and cloud platforms using industry best practices (UF, HF, syslog, APIs).
• Perform ongoing platform health checks, including indexer and search head tuning, license utilization monitoring, and configuration backups.
• Translate security use cases and threat scenarios into actionable Splunk queries, detections, and alerts to support threat detection initiatives.
• Troubleshoot ingestion issues, parsing inconsistencies, and inefficient searches to ensure data accuracy and platform stability.
• Collaborate closely with SOC, threat intelligence, and infrastructure teams to maintain data quality, relevance, and coverage.
• Manage and enhance Splunk Enterprise Security (ES) configurations, including CIM alignment, notable events, and risk-based alerting (RBA).
• Define and enforce data retention strategies and storage utilization in line with regulatory and compliance requirements.
• Automate operational tasks and workflows using scripting languages (Python, Bash, PowerShell) and configuration management tools.
• Provide technical leadership, guidance, and mentoring to junior Splunk engineers and security analysts.

Required Skills & Experience

• 5+ years of hands-on SIEM engineering experience, with a minimum of 3 years specializing in Splunk Enterprise or Splunk Cloud.
• Strong proficiency in SPL, data onboarding techniques, and CIM normalization.
• Proven experience integrating a wide range of log sources, including firewalls, endpoint solutions, cloud platforms (AWS, Azure), identity systems, and threat intelligence feeds.
• Solid understanding of security operations, detection engineering, and incident response processes.
• Exposure to Splunk ES, UBA, ITSI, and SOAR platforms is preferred.
• Practical experience with scripting and automation using Python, Bash, or PowerShell.
• Good working knowledge of networking fundamentals, security protocols, and Windows/Linux system administration.
• Familiarity with regulatory and compliance frameworks such as ISO 27001, NCA, SAMA, PCI-DSS, or similar standards.