SIEM / Splunk Operations (On-Prem)

Centrum, New Delhi

emagine Polska

Full-time
Any
Senior
Remote

Job description

Overview

We are seeking an experienced Senior Splunk Engineer to take over and operate the on-premise Splunk SIEM platform. As part of the transition from the existing global partner, you will be responsible for stabilizing and continuously improving an existing enterprise-scale SIEM environment.

You will own all Splunk operations across the following domains:

  • Plan & Build
  • 24/7 Operations
  • Release & Patch Management
  • CIM-based Log Onboarding
  • Parser development
  • Hardening
  • Configuration Management
  • Incident/Problem/Change processes

The current platform landscape includes:

  • 50+ Cribl Workers
  • 10+ Splunk Forwarders / Heavy Forwarders
  • Indexers
  • Management Components
  • Search Heads & GINX Load Balancer

Main Responsibilities

Core duty: ensure the optimization and effective operation of the Splunk platform through the responsibilities below.

  • Perform CIM-compliant log onboarding, parser creation, and documentation.
  • Conduct onboarding due diligence and demand analysis.
  • Create Firewall/VPN/Routing change requests and validate changes.
  • Manage ingestion pipelines via Cribl, Syslog-ng, Splunk UF/HF, SCP.
  • Deploy and scale Splunk components using Terraform and Ansible.
  • Ensure full Splunk platform operation, monitoring, product performance, and log flow.
  • Lead Major Incident Management with 24/7 on-call rotation.
  • Conduct system hardening and vulnerability remediation.
  • Take over existing Splunk operations and ensure stability during transition.

Key Requirements

  • 5–10 years Splunk/SIEM experience in large enterprises.
  • Expertise in Splunk Architecture, CIM onboarding, parser development, Syslog-ng.
  • Strong scripting skills: Terraform, Ansible, Bash/Python.
  • Experience stabilizing existing SIEM environments.
  • Certifications (required), minimum two of:
    • Splunk Core Certified User
    • Splunk Core Certified Power User
    • Splunk Enterprise Admin
    • Splunk Enterprise Architect
    • Optional: Splunk ES
  • Strong communication and documentation skills in an enterprise context.
  • Proactive, quality-driven work style.
  • Fluent in English (German beneficial).

Nice to Have

  • Experience in automating workflows using SOP-based guidelines.
  • Knowledge of security compliance practices.
  • Familiarity with health check dashboard creation.
  • Background in managing data ingestion pipelines.

Other Details

Opportunity to work in an innovative industrial SIEM environment with high responsibility in Cyber Security. Position offers long-term engagement (24–36 months) with international collaboration possibilities.

Tech stack (skill: required level)

  • English: B1
  • Security: advanced
  • Configuration management: advanced
  • Release management: advanced
  • Virtual Private Network (VPN): advanced
  • Incident management: advanced
  • Quality Assurance (QA): advanced
  • Documentation: advanced
  • Splunk: advanced
  • Python: advanced
  • Operations: advanced

Published: 25.02.2026
