This role is part of Cognizant's strategic engagement with one of our marquee global technology clients — a world leader in enterprise networking, cybersecurity, and observability platforms. As a Splunk Tech Lead, you will be a senior pillar of Cognizant's Splunk centre of excellence, driving platform engineering, team capability, and delivery excellence at enterprise scale.
About the Role
We are seeking an experienced and technically exceptional Splunk Tech Lead to lead the design, implementation, and optimisation of Splunk solutions across our enterprise environment. This is a high-visibility role that blends deep technical ownership with team leadership — you will be the highest level of Splunk technical escalation while shaping how the platform is built, governed, and scaled.
What You Will Do
Platform Architecture & Engineering
Architect, manage, and support distributed Splunk environments including indexers, search heads, deployment servers, cluster masters, license masters, and forwarders
Lead the implementation and ongoing support of Indexer Clustering and Search Head Clustering to ensure high availability and disaster recovery
Perform Splunk upgrades, patches, and migrations including version upgrades and on-premises to cloud transitions, ensuring minimal service disruption
Conduct regular Splunk health checks, audits, and capacity assessments to ensure platform stability and scalability
Participate in capacity planning, system scaling, and performance tuning activities
Data Onboarding & Integration
Manage data onboarding and ingestion pipelines including Universal and Heavy Forwarders, HTTP Event Collector (HEC), syslog, and API-based integrations
Configure and maintain Splunk knowledge objects including field extractions, event types, tags, lookups, macros, and CIM compliance
Ensure data quality and consistency by validating timestamping, parsing rules, sourcetypes, and index configurations across all data sources
Integrate Splunk with SIEM, SOAR, ITSM tools, cloud platforms (AWS/Azure/GCP), and third-party monitoring and security solutions
Collaborate with cross-functional teams to gather requirements and ensure effective integration of Splunk with other tools and systems
Search, Dashboards & Reporting
Design, implement, and optimise Splunk searches, dashboards, alerts, and reports to support business operations
Develop advanced SPL queries with a strong focus on performance optimisation and complex query design
Develop and maintain custom Splunk apps, add-ons, and configurations to meet organisational requirements
Security & Compliance
Implement and maintain role-based access control (RBAC), authentication (LDAP/SAML), and authorisation models in alignment with security policies
Ensure adherence to industry standards, security policies, and best practices for Splunk configuration and data handling
Implement Splunk-based solutions for security monitoring, data analysis, and log aggregation
Operations & Governance
Monitor, analyse, and optimise Splunk platform performance including indexing throughput, search performance, resource utilisation, and licence usage
Lead troubleshooting and root cause analysis for critical incidents, serving as the highest level of Splunk technical escalation
Establish and maintain operational runbooks, SOPs, and support processes for Splunk platform operations
Prepare and present detailed technical documentation, reports, and recommendations to stakeholders
Team Leadership & Mentorship
Manage and mentor a team of Splunk engineers, providing guidance and training to enhance their skills and capabilities
Stay current on the latest developments and best practices in Splunk technologies and security
Foster a culture of technical excellence, accountability, and continuous improvement
What You Bring
Deep expertise in distributed Splunk architectures including indexer clustering, search head clustering, and deployment server management
Strong proficiency in SPL including performance optimisation and complex query design
Hands-on experience with data ingestion, data normalisation, and integrating external data sources with Splunk
In-depth knowledge of Splunk architecture, cluster management, and scaling
Experience managing and troubleshooting large-scale distributed Splunk environments
Strong understanding of log management, monitoring, and data analytics concepts
Familiarity with ITIL processes and security best practices
Excellent problem-solving, analytical, and communication skills
Proven ability to lead, mentor, and coach technical teams effectively
Technical Skills
Splunk Enterprise/Cloud · SPL · Indexer Clustering · Search Head Clustering · HEC · LDAP/SAML · RBAC · CIM · AWS/Azure/GCP · SIEM/SOAR · ITSM Tools · Python · Shell Scripting · JIRA · Git