Splunk Admin - Securities

4 - 8 years

10 - 18 Lacs

Posted: -1 days ago | Platform: Naukri

Skills Required

SIEM / SOC operations, SOC, Splunk, Splunk Enterprise Security, Splunk administration, Splunk deployment & configuration, security

Work Mode

Work from Office

Job Type

Full Time

Job Description

Splunk Engineer / Administrator Security Focus

Location:

CTC:

Experience:

Role Overview

Splunk Engineer/Administrator

Key Responsibilities

  • Splunk Administration & Engineering:

    • Install, configure, upgrade, and maintain Splunk Enterprise/Enterprise Security (ES).
    • Manage Splunk components (indexers, search heads, heavy/universal forwarders, deployment server).
    • Onboard data sources, parse logs, create field extractions, and optimize ingestion pipelines.
    • Ensure Splunk platform performance, availability, and scalability.
  • Security & Use Case Development:

    • Develop and enhance security use cases, alerts, dashboards, and correlation rules in Splunk.
    • Work closely with SOC teams to deploy detection logic, escalation rules, and threat hunting dashboards.
    • Perform security incident analysis and triage using Splunk ES.
  • Deployment & Integration:

    • Drive Splunk deployments for new use cases and applications across customer environments.
    • Collaborate with IT/security stakeholders to integrate Splunk with SIEM, SOAR, IAM, and other security tools.
  • Operations & Support:

    • Perform advanced troubleshooting of Splunk ingestion and search performance issues.
    • Automate admin tasks using scripting (Python, Shell, or PowerShell).
    • Support patching, upgrades, license management, and access control.
  • Collaboration & Innovation:

    • Partner with Deloitte internal teams and client stakeholders to deliver security-focused Splunk solutions.
    • Leverage industry best practices to improve Splunk adoption and optimize operational efficiency.

Must-Have Skills

  • 4+ years of IT experience with 3+ years in Splunk administration/engineering.
  • Proven expertise in Splunk Enterprise/Enterprise Security administration (indexer/search head clustering, forwarder management, upgrades).
  • Strong knowledge of log ingestion, parsing, and data onboarding.
  • Hands-on experience in building security detections, dashboards, correlation rules.
  • Good understanding of security operations workflows (SOC, SIEM, incident response).
  • Proficiency with Linux/Unix environments and basic scripting (Python, Shell, PowerShell).
  • Excellent troubleshooting and performance tuning skills.

Good-to-Have Skills

  • Splunk Certified Admin / Architect / Power User.
  • Knowledge of cloud-hosted Splunk (AWS/Azure/GCP).
  • Familiarity with SOAR tools (Phantom, XSOAR, etc.).
  • Exposure to enterprise security frameworks (MITRE ATT&CK, NIST, ISO 27001).

4AT Consulting

Consulting

Tech City
