We are seeking a highly experienced and knowledgeable Splunk Subject Matter Expert (SME) to lead the design, implementation, and optimization of our Splunk platform across the enterprise. The ideal candidate will have a deep understanding of Splunk architecture, data onboarding, correlation, dashboards, and alerting, with a focus on security, observability, and operational intelligence.
Key Responsibilities:
- Act as the technical lead for all Splunk-related initiatives, providing guidance on architecture, deployment, and best practices.
- Design, configure, and maintain Splunk infrastructure including indexers, search heads, forwarders, and Splunk Enterprise Security (ES).
- Onboard, parse, and normalize new data sources from diverse systems (network, application, cloud, security logs).
- Develop and optimize advanced SPL queries, dashboards, alerts, and reports tailored to stakeholders' needs.
- Ensure system performance, availability, and scalability of the Splunk environment.
- Collaborate with security, operations, and development teams to support monitoring, incident response, and threat detection.
- Conduct health checks, upgrades, and performance tuning of the Splunk environment.
- Provide training and mentoring to junior team members and Splunk users across the organization.
- Maintain documentation for configuration, processes, and operational procedures.
Required Qualifications:
- Proven experience as a Splunk SME or Splunk Engineer in a large-scale enterprise environment.
- Expert-level knowledge of Splunk architecture, SPL, and data onboarding practices.
- Hands-on experience with Splunk Enterprise Security (ES) and/or IT Service Intelligence (ITSI).
- Proficiency in onboarding logs from various technologies: firewalls, servers, cloud platforms (AWS, Azure), and applications.
- Strong understanding of cybersecurity, SIEM, and log analysis principles.
- Familiarity with Linux/UNIX environments, scripting (e.g., Python, Bash), and REST APIs.
- Ability to troubleshoot complex issues across diverse systems and data sources.
- Excellent communication and documentation skills.
Preferred Qualifications:
- Splunk Certifications (e.g., Splunk Core Certified Power User, Admin, Architect, or ES Certified Admin).
- Experience integrating Splunk with SOAR tools, threat intelligence platforms, and cloud-native services.
- Background in security operations, threat detection, or DevOps monitoring.