Splunk Support Engineer (2nd Level Support)

We are looking for an experienced Second Level Support Engineer (Splunk) with strong German language skills (minimum B2 level) to join a team responsible for maintaining and developing a Splunk environment for a client in the financial services sector.

If you enjoy solving technical challenges, ensuring platform stability, and collaborating with cross-functional teams, this opportunity might be the perfect fit for you.

Responsibilities

• Handle and resolve incidents and service requests related to the Splunk environment (P1–P4) in accordance with ITIL processes.

• Diagnose and troubleshoot issues within Splunk architecture, including:

  • Indexer Clusters

  • Search Head Clusters

  • Deployment Servers

  • Forwarders and Heavy Forwarders

• Monitor, analyze, and optimize search performance, dashboards, and scheduled searches.

• Administer Splunk Enterprise and Splunk Cloud environments.

• Manage users, roles, and permissions (RBAC).

• Configure and maintain data sources, inputs, and indexing policies.

• Support SOC processes and SIEM environments (Splunk ES).

• Participate in audits and compliance-related security activities.

• Create and maintain technical documentation and operational procedures.

• Collaborate with 1st and 3rd Level Support teams as well as vendor support.

• Participate in upgrades, patch deployments, and change management processes.

• Take part in on-call rotations supporting critical systems.

Requirements

• Minimum 3 years of experience in Splunk administration and operations.

• At least 1 year of experience in a 2nd Level Support or similar role.

• Strong knowledge of Splunk architecture, including Indexer Clusters, Search Head Clusters (SHC), Deployment Servers, and Forwarders.

• Experience troubleshooting platform issues and performing performance analysis.

• Knowledge of SPL (Search Processing Language) and report development.

• Experience administering Linux systems (RHEL/CentOS/Debian) and basic knowledge of Windows Server environments.

• Understanding of networking concepts, including TCP/IP, TLS/SSL, firewalls, and proxy servers.

• Familiarity with ITIL processes.

• English proficiency at C1 level.

• German proficiency at B2 level or higher.

• Splunk Core Certified Power User certification.

Nice to Have

• Splunk Enterprise Certified Admin certification.

• Experience with Splunk Enterprise Security (ES) and/or Splunk ITSI environments.

• Knowledge of SOC processes, use case management, correlation rules, and Notable Events.

• Experience working in the financial sector or other highly regulated environments.

• Familiarity with regulatory frameworks such as DORA, BAIT, MaRisk, ISO 27001, and GDPR.

• Knowledge of log sources commonly used in regulated environments (e.g., Active Directory, PAM, Core Banking Systems).

• Experience with Kubernetes, Docker, AWS, Azure, or Splunk Cloud.

• Scripting and automation skills using Python or Bash.

• Experience with HEC (HTTP Event Collector), Syslog, and REST API integrations.

• ITIL 4 Foundation certification.

• Certifications such as Splunk Enterprise Security Certified Admin, Splunk Certified Cybersecurity Defense Analyst, or CompTIA Security+.

What We Offer

• Remote work with occasional visits to our office and client locations – enjoy the flexibility of working from home while staying connected through in-person meetings when needed.

• Transparent communication and a flat organizational structure – easy access to decision-makers and no unnecessary hierarchy.

• An individual development path – work with your leader to define your growth plan, including access to external training and knowledge-sharing sessions.

• A supportive team culture built on openness, trust, and collaboration.

• Engaging projects across various industries, including e-learning, energy, finance, manufacturing, and logistics.

• International teams and clients – an excellent opportunity to use and improve your English and/or German in real project environments.

• Language courses – company-sponsored English and German lessons at all levels, including sessions with native speakers.

• Comprehensive benefits package including private healthcare (LuxMed), life insurance (Unum), and a Multisport card.

• A strong focus on integration and well-being – regular team events, internal initiatives, squash and badminton groups, and many other activities that help build relationships and a great working atmosphere.

Tasks

Expectations

Offering