Splunk Engineer - SE 26-04926

About The Position

Requirements

• Hands-on experience administering and engineering Splunk Enterprise or Splunk Cloud in medium-to-large environments.
• Strong proficiency in SPL (Search Processing Language) for analytics and troubleshooting.
• Proven experience onboarding new systems and applications into Splunk.
• Experience building dashboards using Splunk Dashboard Studio or Classic Editor.
• Solid understanding of log ingestion formats such as syslog, JSON, and XML, including parsing and field extraction.
• Knowledge of core IT infrastructure concepts (servers, networking, firewalls, cloud services).
• Experience working with Linux command line and managing Splunk Universal/Heavy Forwarders.

Nice To Haves

• Experience with automation or scripting (e.g., Python, PowerShell).
• Exposure to Splunk Enterprise Security (ES) or IT Service Intelligence (ITSI) modules.
• Familiarity with distributed Splunk environments, including indexer clustering and search head clustering.
• Experience implementing CIM compliance and data models.

Responsibilities

• Onboard new systems, logs, and data sources into Splunk, ensuring accurate parsing, field extraction, CIM compliance, and data normalization.
• Configure and maintain Splunk forwarders, ingestion pipelines, and data routing.
• Design and develop advanced dashboards, visualizations, and analytics for operational, security, and business use cases.
• Create and optimize complex SPL queries, macros, lookups, and scheduled searches.
• Troubleshoot data ingestion issues, search performance bottlenecks, and data quality challenges.
• Collaborate with network, server, application, and security teams to define logging requirements and deliver actionable monitoring solutions.