We are seeking an experienced Splunk professional to manage and optimize Splunk data onboarding, normalization, parsing, and operational management across complex hybrid environments (On-Prem and Cloud). The ideal candidate should have strong hands-on expertise in Splunk administration, CIM alignment, field extractions, TA deployments, and troubleshooting large-scale ingestion pipelines.
Key Responsibilities
* Lead end-to-end onboarding of new log sources, including parsing, normalization, testing, and deployment
* Configure and manage Splunk components such as Search Heads, Indexers, Forwarders, and Deployment Servers
* Perform CIM normalization and ensure compliance with Splunk Enterprise Security requirements
* Develop and troubleshoot field extractions using props.conf, transforms.conf, regex, JSON/KV parsing, and sourcetype configurations
* Manage and optimize ingestion pipelines, including Syslog, HEC, API-based collection, and cloud log sources
* Monitor ingestion health, indexing performance, queue saturation, and parsing delays
* Deploy and maintain Splunk TAs and apps across distributed and hybrid Splunk environments
* Collaborate with Security and IT teams to ensure data quality and operational reliability
* Support automation and infrastructure provisioning using Ansible, Terraform, Jenkins, Bash, or Python scripting
Required Skills & Experience
* 5–10 years of experience in Splunk Administration and data onboarding
* Strong understanding of Splunk architecture, including SHC, Indexer Clusters, and Forwarder management
* Hands-on experience with CIM normalization, SPL, field extraction, and parsing strategies
* Expertise in Linux environments (RHEL/Amazon Linux) and AWS services such as EC2, S3, IAM, VPC, and CloudWatch
* Experience with DevOps and automation tools, including Jenkins, Ansible, and Terraform
* Strong troubleshooting skills across ingestion pipelines, timestamp issues, duplicate events, and parsing failures
* Experience working in hybrid Splunk environments (On-Prem + Cloud)
Preferred Qualifications
* Splunk certifications are highly preferred
* Experience with Splunk Enterprise Security (ES)
* Knowledge of HEC, API ingestion, and modern ingestion tools
* Exposure to ITSI or Observability platforms is an added advantage