Splunk Engineer

Admin

Centrum, Lisbon

emagine Polska

Full-time
Any
Senior
Remote

Job description

Introduction & Summary

We are seeking an experienced Splunk Engineer to take over and operate the on-premise Splunk SIEM platform. You will play a crucial role in transitioning from an existing global partner, stabilizing, and continuously improving the enterprise-scale SIEM environment.


Main Responsibilities

In this role, you'll manage all Splunk operations, ensuring effective platform operation and maintenance.

  • Perform CIM-compliant log onboarding and parser creation.

  • Conduct onboarding due diligence and demand analysis.

  • Create and validate Firewall/VPN/Routing change requests.

  • Manage ingestion pipelines via Cribl and Splunk UF/HF.

  • Deploy and scale Splunk components using Terraform and Ansible.

  • Ensure full platform operation and handle ITSM processes.

  • Lead Major Incident Management on a 24/7 basis.

  • Implement approved changes across Splunk components.

  • Conduct vulnerability scans and support SOC threat analysis.

  • Take over existing Splunk operations and ensure stability during transition.


Key Requirements

  • 5–10 years of Splunk/SIEM experience in large enterprises.

  • Expertise in Splunk Architecture, CIM onboarding, and parser development.

  • Strong scripting abilities in Terraform, Ansible, Bash/Python.

  • Experience in stabilizing SIEM environments.

  • At least two required certifications, e.g., Splunk Core Certified User or Splunk Enterprise Admin.

  • Strong communication skills in enterprise settings.

  • Clear documentation skills and a proactive work style.

  • Fluent English required; German beneficial.


Nice to Have

  • Previous experience with major incident management in a 24/7 environment.

  • Knowledge of additional security practices and tools.

  • Experience collaborating in international teams.

Tech stack

  • English: C1

  • Security: advanced

  • Configuration management: advanced

  • Release management: advanced

  • Virtual Private Network (VPN): advanced

  • Incident management: advanced

  • Quality Assurance (QA): advanced

  • Documentation: advanced

  • Splunk: advanced

  • Python: advanced

  • Operations: advanced

By applying, I consent to the processing of my personal data for the purpose of conducting the recruitment process. We inform you that the data controller is emagine, with its registered office in Warsaw, ul. Domaniewskiej 39A (hereinafter the "administrator"). Masz pr...