Senior Splunk Admin

Our client is a leading enterprise technology and innovation partner focused on delivering measurable customer impact. In a rapidly evolving landscape, they support some of the world’s most critical organizations in navigating complexity and operating with clarity and confidence.

Key Responsibilities

• Architect, deploy, and optimize end-to-end Splunk solutions covering data ingestion, parsing, indexing, and search performance.

• Build and maintain advanced correlation rules, alerts, dashboards, and visualizations to enable effective security monitoring and incident response.

• Onboard and normalize log sources across infrastructure, security, applications, and cloud platforms using industry best practices (UF, HF, syslog, APIs).

• Perform ongoing platform health checks, including indexer and search head tuning, license utilization monitoring, and configuration backups.

• Translate security use cases and threat scenarios into actionable Splunk queries, detections, and alerts to support threat detection initiatives.

• Troubleshoot ingestion issues, parsing inconsistencies, and inefficient searches to ensure data accuracy and platform stability.

• Collaborate closely with SOC, threat intelligence, and infrastructure teams to maintain data quality, relevance, and coverage.

• Manage and enhance Splunk Enterprise Security (ES) configurations, including CIM alignment, notable events, and risk-based alerting (RBA).

• Define and enforce data retention strategies and storage utilization in line with regulatory and compliance requirements.

• Automate operational tasks and workflows using scripting languages (Python, Bash, PowerShell) and configuration management tools.

• Provide technical leadership, guidance, and mentoring to junior Splunk engineers and security analysts.

Required Skills & Experience

• 5+ years of hands-on SIEM engineering experience, with a minimum of 3 years specializing in Splunk Enterprise or Splunk Cloud.

• Strong proficiency in SPL, data onboarding techniques, and CIM normalization.

• Proven experience integrating a wide range of log sources, including firewalls, endpoint solutions, cloud platforms (AWS, Azure), identity systems, and threat intelligence feeds.

• Solid understanding of security operations, detection engineering, and incident response processes.

• Exposure to Splunk ES, UBA, ITSI, and SOAR platforms is preferred.

• Practical experience with scripting and automation using Python, Bash, or PowerShell.

• Good working knowledge of networking fundamentals, security protocols, and Windows/Linux system administration.

• Familiarity with regulatory and compliance frameworks such as ISO 27001, NCA, SAMA, PCI-DSS, or similar standards.