Ensure the continuity and smooth functionality of the Splunk service, its associated components, and its integrations with other services.
Design and implement solutions to address business problems, understanding the Splunk architecture requirements for scalability, security, performance, and cost-efficiency.
Own the overall solution blueprint and roadmap and work closely with business units to translate requirements into an appropriate solution design.
Ensure the security of the Splunk environment by performing proactive health checks and keeping abreast of new threats and vulnerabilities that may affect it.
Remain current with emerging technologies, business requirements and enhancements, and develop proposals for changes that may be required.
Develop best practices, standards, and architectural principles for the Splunk service.
Create and maintain architectural documentation.
Assist/engage other system owners and project development teams that have integration requirements with the various other enterprise security systems.
Assist/engage other engineering teams for problem determination of incidents.
Requirements:
5+ years working in a large-scale Splunk environment.
Splunk Enterprise Security experience a must.
Track record of designing, developing, and onboarding solutions into Enterprise Splunk deployments.
Extensive experience and knowledge of Splunk architecture and distributed components (indexer clusters, forwarders, search head clusters, deployment servers, DMCs, dashboards, etc.).
Strong knowledge of Splunk Enterprise Security at administration and use case level.
Deep understanding of:
- Splunk language (SPL).
- Intermediate Python or PowerShell scripting a must.
- CSS, XML, macros, and JavaScript.
- External systems management products & feeds, particularly, but not limited to, the M365 security portfolio.
- Optimised data architectures & data analytics.
- IaaS and SaaS deployments, security & integration.