Overview
We are seeking an experienced Senior Splunk Engineer to take over and operate the on-premises Splunk SIEM platform. As part of the transition from the existing global partner, you will be responsible for stabilizing and continuously improving an existing enterprise-scale SIEM environment.
You will own all Splunk operations across the following domains:
- Plan & Build
- 24/7 Operations
- Release & Patch Management
- CIM-based Log Onboarding
- Parser development
- Hardening
- Configuration Management
- Incident/Problem/Change processes
The current platform landscape includes:
- 50+ Cribl Workers
- 10+ Splunk Forwarders / Heavy Forwarders
- Indexers
- Management Components
- Search Heads & GINX Load Balancer
Main Responsibilities
Core duty: ensure the optimized and effective operation of the Splunk platform through the following responsibilities.
- Perform CIM-compliant log onboarding, parser creation, and documentation.
- Conduct onboarding due diligence and demand analysis.
- Create Firewall/VPN/Routing change requests and validate changes.
- Manage ingestion pipelines via Cribl, Syslog-ng, Splunk UF/HF, SCP.
- Deploy and scale Splunk components using Terraform and Ansible.
- Ensure full Splunk platform operation, monitoring, product performance, and log flow.
- Lead Major Incident Management with 24/7 on-call rotation.
- Conduct system hardening and vulnerability remediation.
- Take over existing Splunk operations and ensure stability during transition.
Key Requirements
Nice to Have
- Experience in automating workflows using SOP-based guidelines.
- Knowledge of security compliance practices.
- Familiarity with health check dashboard creation.
- Background in managing data ingestion pipelines.
Other Details
Opportunity to work in an innovative industrial SIEM environment with high responsibility in Cyber Security. Position offers long-term engagement (24–36 months) with international collaboration possibilities.