The ideal candidate will work primarily on Splunk Administration (L2 Support); development experience will be an added advantage.
Job Description and key skills:
- Implement and manage version upgrades and lifecycle management for Splunk applications and add-ons, including versioning for applications such as Sanity and Compliance platforms.
- Perform data onboarding, parsing, normalization, and STIX-based input/output integration for security and compliance use cases.
- Design, develop, optimize, and troubleshoot Splunk dashboards, searches, alerts, and reports to improve operational visibility and performance.
- Manage and optimize Splunk configurations including inputs.conf, props.conf, transforms.conf, and other deployment configurations.
- Monitor and maintain Splunk infrastructure components such as Indexers, Search Heads, Forwarders, and Cluster environments to ensure high availability, performance, and data integrity.
- Investigate incidents, perform root cause analysis (RCA), resolve operational issues independently, and escalate complex cases to L3 support when required.
- Execute controlled deployments of Splunk apps, add-ons, knowledge objects, and configuration changes across environments.
- Collaborate with application teams, data owners, and analysts for onboarding, validation, troubleshooting, and optimization of log sources.
- Configure and support integrations with enterprise platforms including ServiceNow, AWS, Azure, GCP, DB Connect, ITSI, Akamai, Okta Identity
- Handle user provisioning, RBAC access management, and security governance within Splunk environments.
- Monitor indexing latency, ingestion rates, storage utilization, and overall platform health; identify and resolve performance bottlenecks proactively.
- Automate routine administrative and operational tasks using Bash, Python, PowerShell, and scripting techniques.
- Support CI/CD pipelines implementation and DevSecOps practices using tools such as GitHub, Jenkins, and cloud-native integrations.
- Work collaboratively with cross-functional teams and other projects within the 3SIP program to ensure alignment and successful delivery.
- Create and maintain technical documentation, operational procedures, deployment guides, and knowledge base articles.
- Apply strong understanding of Splunk architecture, distributed deployments, CIM, SIEM concepts, and ITIL best practices for incident, problem, and change management.
- Utilize technical knowledge in Linux, Windows, SQL Server, REGEX, SPL, XML, JavaScript, Python, Agile methodologies, and architectural design principles to support enterprise monitoring solutions.
- Contribute to continuous improvement initiatives, operational excellence, and monitoring best practices across the Splunk ecosystem.
Tools: Splunk, ServiceNow, GitHub, Terraform, AWS, GCP, Ansible
Certifications:
- Splunk Core Certified User / Splunk Core Certified Power User
- Splunk Enterprise Certified Admin
- Splunk Cloud Certified Admin
Total Experience Expected: 04-06 years