
Lintasarta

Splunk Engineer (Project Based)

5-7 Years
  • Posted 10 hours ago

Job Description

Job Summary:

We are looking for a highly skilled Splunk Engineer to design, implement, and maintain our Splunk infrastructure to support enterprise-wide monitoring, observability, and security needs. The ideal candidate will have a strong understanding of Splunk architecture and proven experience in onboarding data, creating dashboards, and optimizing system performance.


Key Responsibilities

  • Design, deploy, and maintain full-scale Splunk architecture including clustered indexers, search head clusters, deployment servers, heavy/light forwarders, and Splunk Enterprise Security (ES) premium applications.
  • Engineer and manage high-volume data ingestion pipelines from diverse sources — Windows/Linux servers, network devices, cloud platforms (AWS, Azure, GCP), and security appliances — ensuring logs are cleanly parsed, normalized, and CIM-compliant.
  • Configure, tune, and troubleshoot Data Model Accelerations (DMA) to maintain optimal search head performance without exhausting storage or CPU resources.
  • Implement and manage Splunk Risk-Based Alerting (RBA) frameworks including risk index structuring and object attribution.
  • Optimize data stream ingestion using Splunk Heavy Forwarders, Cribl Stream, or Kafka to filter, deduplicate, and reduce licensing costs.
  • Develop dashboards, alerts, reports, and visualizations tailored to SOC operational and executive business requirements.
  • Build and maintain SOAR playbook infrastructure, custom API integrations, and automated connectors to support Tier-2 and Incident Response workflows.
  • Deploy and manage EDR and logging agents enterprise-wide using automation tools (Ansible, Terraform, or equivalent IaC).
  • Implement high availability, disaster recovery, and failover strategies to guarantee 24/7/365 platform uptime.
  • Work closely with Detection Engineers, Threat Hunters, and SOC analysts to support security incident detection, correlation rule tuning, and response workflows.
  • Create and maintain comprehensive technical documentation including architecture diagrams, configurations, SOPs, and best practices.

Qualifications

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • Minimum 5–7 years of hands-on experience in infrastructure engineering, DevOps, or enterprise systems administration, with at least 3 years dedicated to Splunk platform engineering.
  • Proven experience architecting and managing multi-tier Splunk environments handling multi-terabyte per day data ingestion pipelines.
  • Deep expertise in Splunk Enterprise Security (ES) including Data Model Acceleration (DMA), CIM compliance mapping, and Risk-Based Alerting (RBA).
  • Proficiency in writing advanced SPL queries, correlation rules, dashboards, and automated alerts.
  • Experience integrating log sources from diverse systems — operating systems, firewalls, IDS/IPS, identity providers, and cloud environments.
  • Hands-on experience with SOAR platforms (e.g., Splunk SOAR, Palo Alto Cortex XSOAR) including playbook infrastructure and custom API integration.
  • Proficiency in scripting and automation using Python, Bash, or equivalent languages.
  • Experience with IaC and DevOps tools such as Ansible, Terraform, Docker, or Kubernetes.
  • Strong understanding of cloud-native security logging (AWS CloudTrail/VPC Flow, Azure Event Hubs, GCP Pub/Sub).
  • Solid grasp of SIEM concepts, MITRE ATT&CK framework, and security monitoring practices.
  • Strong problem-solving skills, documentation discipline, and ability to collaborate cross-functionally with SOC, IT, and DevOps teams.

Preferred Certifications:

  • Splunk Enterprise Certified Architect
  • Splunk Enterprise Security Certified Admin
  • Splunk Core Certified Consultant / Power User
  • AWS / Microsoft Azure Solutions Architect
  • CISSP


Job ID: 148965975