Splunk Data Administrator
Location: Melbourne VIC
Contract: 6+ Month Contract
Daily Rate: Competitive
About the Role
We are working with a global consulting organisation delivering large-scale programs across government and enterprise environments. They are seeking a mid to senior Splunk Data Administrator to take ownership of data onboarding, normalization, and overall data quality across a complex hybrid Splunk environment (on-premise and cloud).
This is a hands‐on role suited to someone who thrives in complex environments and enjoys working across the full data lifecycle, from ingestion through to optimisation and governance.
Key Responsibilities
* Lead end-to-end onboarding of log sources, including requirements gathering, parsing, testing, and deployment
* Drive CIM normalization and ensure alignment with Splunk data models to support security and operational use cases
* Design and implement field extractions using regex, props.conf, transforms.conf, and structured parsing techniques
* Manage and optimise Splunk data pipelines across hybrid environments, ensuring performance, reliability, and data quality
* Configure and maintain Splunk components including Search Heads, Indexers, forwarders, and deployment infrastructure
* Monitor ingestion performance, troubleshoot issues, and implement best practices for data governance and lifecycle management
Skills & Experience
* 5–10 years' experience in Splunk administration and data onboarding
* Strong expertise in:
  * CIM normalization, data modelling, and SPL validation
  * Field extraction, parsing, and sourcetype configuration
  * Splunk architecture including Search Heads, Indexers, clusters, and forwarders
* Experience working in complex or hybrid Splunk environments (on-premise and cloud)
* Knowledge of Linux environments (RHEL, Amazon Linux)
* Exposure to AWS services such as EC2, S3, IAM, and CloudWatch is highly regarded
* Experience with automation tools such as Ansible, Terraform, or CI/CD pipelines is advantageous
Nice to Have
* Splunk certifications (Admin, Power User, ES Admin)
* Experience with Splunk Enterprise Security (ES)
* Familiarity with modern ingestion methods such as HEC, APIs, or cloud‐native logging tools
Candidate Requirements
* Based in Melbourne or willing to relocate
* Australian working rights required
* Open to Working Holiday Visa holders
* No local experience required
Why Apply?
* Opportunity to work on large-scale, enterprise Splunk environments
* Exposure to modern cloud and hybrid architectures
* Supportive team environment with strong onboarding and knowledge sharing
* Ideal entry point into the Australian market with a global employer