Responsibilities
- Architect, deploy, and maintain Splunk solutions to enable enterprise monitoring, security analytics, and data-informed decisions
- Install, configure, and upgrade Splunk components, including clustering, indexing, and distributed environments
- Oversee Indexers, Search Heads, Deployment Servers, Forwarders, and cluster operations
- Ensure Splunk systems are highly available, scalable, and optimized for performance
- Set up and manage data collection from diverse sources such as servers, apps, databases, APIs, cloud services, and security devices
- Develop and maintain strategies for parsing, indexing, and field extraction
- Connect Splunk with external monitoring and security platforms
- Build interactive dashboards, alerts, reports, and data visualizations
- Design monitoring solutions based on KPIs for business and operations teams
- Write advanced searches, SPL queries, and data correlation logic
- Create automated scripts and workflows to improve operational efficiency
- Tune indexing, search speed, and storage usage
- Diagnose and resolve root causes of platform issues
- Produce technical documentation including architecture diagrams, data flows, SOPs, and knowledge transfer materials
- Ensure clear handover documentation for support and operations teams
- Collaborate with client teams, architects, security specialists, and project managers
- Provide technical leadership and mentorship to team members
- Engage in solution design, requirement analysis, and implementation planning
Requirements
- Proven practical experience with Splunk Enterprise
- Deep knowledge of SPL (Search Processing Language)
- Familiarity with Linux/Unix system administration
- Experience using scripting languages like Python, Shell, or PowerShell
- Understanding of log management, SIEM, and observability principles
- Experience working with APIs, integrations, and automation tools
Nice to Have
- Familiarity with cloud platforms such as AWS, Azure, or GCP