Splunk Engineer

Senior Splunk Engineer

Company:

About the Role:

Splunk Level 3 Engineer

Key Responsibilities:

Splunk Architecture & Administration:

• Design, deploy, and manage large-scale Splunk environments (Enterprise Security, ITSI, Observability, Cloud, or Hybrid).
• Configure and optimize Splunk components such as indexers, search heads, forwarders, and clustering.
• Implement best practices for data ingestion, parsing, and indexing to ensure high availability and performance.

Security & Observability:

• Develop and manage Splunk dashboards, alerts, and reports for security monitoring (SIEM), IT operations, and business analytics.
• Integrate Splunk with various security tools (SOAR, EDR, Firewalls, IDS/IPS) to enhance threat detection and response.
• Implement anomaly detection, predictive analytics, and correlation searches.
• Implement logging best practices for

  Linux servers

  , applications, and containers.

Automation & Optimization:

• Automate Splunk deployments using Infrastructure-as-Code (IaC) tools such as

  Ansible, Terraform, or Python scripts

  .
• Tune searches, optimize queries, and improve system efficiency to handle high-volume data ingestion.
• Develop Splunk apps and custom scripts for data enrichment and automation.

Collaboration & Support:

• Work closely with Security, DevOps, and Infrastructure teams to integrate Splunk into enterprise workflows.
• Provide technical leadership, mentorship, and training to junior Splunk engineers.
• Troubleshoot Splunk performance issues, logs, and data pipeline challenges.

Qualifications & Skills:

Must-Have:

• 5+ years of hands-on Splunk engineering experience

  (design, deployment, tuning, and troubleshooting).
• Expertise in

  Splunk architecture, SPL (Search Processing Language), and dashboard development

  .
• Experience with

  Splunk Enterprise Security (ES), IT Service Intelligence (ITSI), or Splunk Observability Suite

  .
• Strong scripting skills (

  Python, Bash, PowerShell

  ) for automation and data enrichment.
• Familiarity with

  Linux security hardening and system auditing

  .

Preferred:

• Experience with cloud-based Splunk (AWS, Azure, GCP) and integrations with cloud-native logging solutions.
• Familiarity with Infrastructure-as-Code (

  Terraform, Ansible

  ) and CI/CD pipelines.
• Certifications such as

  Splunk Certified Admin, Splunk Certified Architect, Splunk Certified Security Analyst, or RHCE (Red Hat Certified Engineer)

  .