Job Title:
Splunk Admin
Company: IntraEdge
Location: New Delhi, Delhi
Created: 2026-05-14
Job Type: Full Time
Job Description:
Job Summary
As a Mid-Level Cyber Security Splunk Administrator, you will manage and optimize our Splunk SIEM environment to support security operations, data onboarding, use case development, and performance tuning. You will collaborate with security, infrastructure, and DevOps teams to ensure the Splunk platform effectively supports threat detection, alerting, and operational insights.

Key Responsibilities
Administer, monitor, and maintain Splunk Enterprise/Splunk Cloud environments, including indexers, search heads, and forwarders.
Onboard and normalize security and system logs, ensuring accurate parsing, field extractions, and CIM compliance.
Create and tune dashboards, alerts, reports, and analytics that support security operations and incident response.
Monitor and troubleshoot Splunk health, performance, and data ingestion issues; perform root cause analysis and resolution.
Use SPL (Search Processing Language) to build custom searches, use cases, and visualizations.
Work with SOC engineers and security analysts to refine use cases and support investigations.
Maintain documentation, runbooks, and standard operating procedures for Splunk operations.
Participate in platform upgrades, patching, and configuration changes following ITIL/change management practices.

Required Qualifications
Bachelor’s degree in computer science, IT, Cybersecurity, or related field.
3–6 years’ experience in Splunk administration, SIEM operations, or cybersecurity engineering.
Strong hands-on experience with Splunk Enterprise/Splunk Cloud, including data onboarding and management.
Proficiency in SPL and building dashboards and reports.
Experience with log ingestion methods such as UF, HEC, Syslog, DB Connect and data normalization.
Working knowledge of Linux/Unix and basic networking concepts.
Solid understanding of cybersecurity fundamentals, including threat detection, incident analysis, and SIEM monitoring.

Preferred Skills
Splunk certifications such as Splunk Core Certified Admin, Splunk Enterprise Security Admin, or equivalent.
Experience with Splunk Enterprise Security (ES), ITSI, or additional SIEM platforms.
Cloud log ingestion experience (AWS, Azure, GCP).
Scripting skills (Python, Shell, PowerShell) for automation and custom tasks.
Familiarity with ITIL frameworks and change management processes.

Why Join Us
Opportunity to work with cutting-edge cybersecurity technologies
Flexible remote work environment
Learning and certification support
Exposure to global SIEM and security initiatives