Splunk Engineer-Hurricane Labs

Lyra Technology Group | Beachwood, OH
27d | $125,000 - $125,000 | Remote

About The Position

Lyra Technology Group is seeking a Splunk Engineer for one of their operating companies, Hurricane Labs. As Splunk Engineer, you will provide systems and architecture support for client Splunk environments including search heads, indexers, deployers, deployment servers, heavy/universal forwarders, and Splunk Enterprise Security. This is a hands-on engineering role focused on data onboarding, environment health, performance tuning, and implementing best practices across varied customer environments. You will work closely with Senior Engineers, Project Managers, and our SOC team to ensure platforms are built, maintained, and optimized at scale.

About Hurricane Labs…

At Hurricane Labs, we exist to make security smarter, simpler, and more impactful for our customers, partners, and people. As a high-fidelity cybersecurity services company, we deliver outcomes that live in a customer's environment indefinitely through our Managed SOC, Managed Splunk, SOAR, Advisory Services, and professional services offerings. Our customers rely on our deep technical expertise, tailored delivery, and long-term partnership approach. We are seeking dynamic, adaptable team members who thrive in a fast-evolving technical environment.

Requirements

  • Strong Splunk knowledge: search heads, indexers, clustering, props/transforms, data models, CIM, and ES (preferred).
  • Certified Splunk Architect
  • Strong Linux system administration + troubleshooting skills.
  • Experience with automation tools (Ansible preferred).
  • Familiarity with Git and version-controlled workflows.
  • Strong communication, documentation, and remote collaboration skills.

Nice To Haves

  • Experience working with MSSPs or multi-tenant environments is a plus.

Responsibilities

  • Data Onboarding - Responsible for data onboarding, which may include application/add-on installation, custom parsing rules, and CIM compliance.
  • Architecture Changes & Deployments - Manage Splunk environment architecture changes, design, and deployments, such as ground-up environment builds of all server roles. Assist clients in cloud migration efforts.
  • Updates - Deliver major version updates and/or upgrades of Splunk apps and TAs as well as Splunk versions.
  • Maintenance Release Updates - Handle maintenance release updates across customer environments.
  • New Feature Deployment - Work closely with QA and Senior Engineers to deploy new features, apps, and capabilities.
  • Sprint / Project Development - Complete engineering work assigned by Project Managers within the designated sprint/project timelines. Communicate any blockers or delays to Technical Account Managers promptly so adjustments can be made.
  • Data Onboarding Pipeline Development - Develop and manage onboarding pipelines for log ingestion, parsing, field extraction, indexing, and data quality validation.
  • Use Case Content Development - Create and optimize dashboards, alerts, saved searches, and correlation searches to support SOC, IT Operations, and Compliance cases.
  • Automation & Tooling - Build automation pipelines for onboarding, ongoing health checks, maintenance tasks, and system updates (e.g., Ansible, Git-based workflows).


What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Education Level

No Education Listed

Number of Employees

251-500 employees
