Splunk Developer

Key Responsibilities:

• Splunk Development & Administration

• Design, develop, and implement custom Splunk dashboards, reports, alerts, and data models.
  
• Create advanced SPL (Search Processing Language) queries for data analysis, reporting, and visualization.
  
• Maintain and manage Splunk apps, add-ons, and knowledge objects (lookups, macros, field extractions).
  
• Optimize and fine-tune Splunk performance, indexing, and searches for efficiency.
  

• Data Onboarding & Integration

• Ingest and normalize logs, metrics, and events from multiple sources into Splunk.
  
• Develop and maintain parsing, extraction, and enrichment of data for actionable insights.
  
• Integrate Splunk with third-party tools (e.g., ServiceNow, AWS, Azure, SIEM, etc.).
  

• Security & Monitoring

• Support Security Operations Center (SOC) by creating security use cases, alerts, and incident response dashboards.
  
• Develop correlation rules and anomaly detection for proactive threat identification.
  
• Collaborate with security and infrastructure teams to ensure compliance and governance.
  

• Troubleshooting & Support

• Troubleshoot issues related to Splunk performance, indexing delays, and search errors.
  
• Provide support to end-users in creating meaningful visualizations and reports.
  
• Monitor system health, capacity, and performance metrics.
  

• Collaboration & Best Practices

• Work with cross-functional teams to identify monitoring and logging requirements.
  
• Define best practices for Splunk development, deployment, and usage across the organization.
  
• Prepare and maintain technical documentation, playbooks, and runbooks.
  

Required Skills & Qualifications:

• Bachelors degree in Computer Science, Information Technology, or related field.
  

• 5+ years of hands-on experience in Splunk development and administration.

• Strong proficiency in

  SPL (Search Processing Language)

  and Splunk query optimization.
• Expertise in creating complex dashboards, alerts, and scheduled reports.
  
• Experience with

  data onboarding, parsing, and log enrichment

  .
• Solid understanding of

  IT infrastructure, networks, operating systems, and security concepts

  .
• Knowledge of

  Splunk Enterprise Security (ES)

  and

  IT Service Intelligence (ITSI)

  is a strong plus.
• Hands-on experience with

  Linux/Unix systems administration

  .
• Familiarity with scripting languages (Python, Shell, or PowerShell) for automation.
  
• Experience with

  cloud logging solutions

  (AWS CloudWatch, Azure Monitor, GCP logging) preferred.
• Strong problem-solving, troubleshooting, and analytical skills.
  
• Excellent communication and collaboration abilities.
  

Good to Have (Preferred Skills):

• Splunk Certified Power User / Splunk Certified Admin / Splunk Certified Architect.
  
• Experience with containerized environments (Docker, Kubernetes).
  
• Familiarity with DevOps and CI/CD pipeline integration with Splunk.
  
• Exposure to big data technologies (Hadoop, Kafka, ElasticSearch).