We are seeking a highly skilled and experienced Splunk Engineer with a strong background in Security. The successful candidate will be responsible for designing, implementing, and managing our Splunk infrastructure in a hybrid cloud large scale environment.
Your key tasks
- Design, implement, and manage the Splunk infrastructure.
- Deploy and manage Splunk indexer clusters and search head clusters.
- Perform optimization of existing clustered Splunk deployments.
- Monitor operations of Splunk platform to enable proactive issue identification, response, and resolution.
- Integrate Splunk with a wide variety of legacy data sources, industry-leading commercial security tools, and cloud service provider facilities.
- Build Splunk Technology Add-ons.
- Build custom scripts in the following languages: Python, Bash, PowerShell, VBScript.
- Build Splunk apps to be deployed on thousands of Splunk Universal Forwarders.
- Interact with REST API endpoints.
- Interact with RDBMS in SQL.
- Effectively and efficiently onboard data sources, create indexes and data models, create CIM-compliant data mappings, and establish health monitoring and KPIs.
- Manage Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts, etc.).
- Manage Splunk Role-Based Access Control.
- Onboard Threat Intelligence feeds and correlate with data.
- Assist Security Analysts by providing consultancy on how to leverage the Splunk environment.
- Drive the operational model transformation of SecOps.
- Identify technology and security gaps, develop solutions, and make recommendations for continuous improvement.
- Develop and maintain documentation for Splunk infrastructure and processes.
- Work closely with IT, security, and operations teams to understand their requirements and provide Splunk solutions.
- Provide training and support to end-users on how to use Splunk effectively.