Job Description
· Splunk Architecture & Administration: Minimum 4+ years of experience designing, implementing, and administering Splunk environments, including Splunk Enterprise, Splunk Cloud, Splunk o11y and Splunk Enterprise Security (ES).
· Splunk Accreditation: Must be Splunk Core Certified Consultant (current and valid).
· Splunk Cloud Migration: Experience in successfully migrating on-premises Splunk instances to Splunk Cloud, optimizing performance and scalability.
· Data Ingestion & Log Management: Expertise in onboarding various log sources, configuring Splunk forwarders (Universal & Heavy), and deploying Syslog servers for data ingestion from Cisco devices, Palo Alto, AWS services, Azure, and container platforms such as Docker and Kubernetes.
· Splunk App & Dashboard Development: Developing custom Splunk dashboards, reports, and alerts using SPL, XML, and Python scripts to enhance data visualization and monitoring.
· SIEM & Security Operations: Configuring and administering Splunk Enterprise Security (ES), building correlation searches, and integrating security logs for proactive threat detection and incident response.
· Scripting & Automation: Strong scripting skills in Python, Bash, Shell, and PowerShell for automation, REST API integration, and log ingestion.
· Performance Tuning & Optimization: Hands-on experience in Splunk cluster management, indexer tuning, and optimizing SPL queries for high availability and efficient search performance.