Splunk Core & Enterprise Security Consultant

STEM Solutions, Portland, OR

About The Position

Position Overview: We are seeking a highly skilled Splunk Consultant with certified expertise in Splunk Core and Enterprise Security (ES). This role will be responsible for maintaining and optimizing a customer’s Splunk Core and ES environments while also supporting the implementation and configuration of Splunk IT Service Intelligence (ITSI). The ideal candidate will bring strong hands-on experience in Splunk architecture, security monitoring, and ITSI deployment.

Requirements

  • Splunk Core Certified Consultant (required)
  • Splunk Enterprise Security Certified (required)
  • Splunk ITSI Accreditation (required)
  • Proven experience administering and maintaining Splunk Core and ES environments
  • Hands-on experience with ITSI implementation and configuration
  • Strong understanding of Splunk architecture, search processing, and data pipelines
  • Experience with correlation searches, notable events, and incident response workflows
  • Proficiency in SPL (Search Processing Language)

Nice To Haves

  • Experience in large-scale or enterprise Splunk deployments
  • Knowledge of IT operations, monitoring frameworks, and service health modeling
  • Familiarity with scripting (Python, Bash) for automation
  • Experience integrating Splunk with third-party tools and data sources

Responsibilities

  • Maintain and support Splunk Core and Enterprise Security (ES) environments to ensure optimal performance, reliability, and scalability
  • Perform system monitoring, troubleshooting, and performance tuning across Splunk infrastructure
  • Manage data onboarding, parsing, indexing, and normalization within Splunk
  • Support security operations through ES use case development, correlation searches, and dashboard creation
  • Assist with the implementation, configuration, and optimization of Splunk ITSI
  • Develop and maintain ITSI services, KPIs, glass tables, and episode review workflows
  • Collaborate with stakeholders to align Splunk capabilities with business and operational requirements
  • Ensure adherence to best practices for Splunk architecture, data models, and security configurations
  • Provide documentation and knowledge transfer to internal teams