Security Intelligence Specialist (Splunk Implementer)


Job Summary:

We are seeking a skilled Splunk Implementer to deploy, configure, and optimize Splunk solutions for our organization. The ideal candidate will have experience in implementing Splunk across various environments, developing use cases, creating dashboards, and integrating data sources for effective log analysis and monitoring.

Key Responsibilities:

  • Deploy and configure Splunk Enterprise/Splunk Cloud in distributed environments.
  • Design and implement Splunk architecture, including indexers, forwarders, and search heads.
  • Onboard data sources and create effective data ingestion pipelines.
  • Develop Splunk queries, reports, dashboards, alerts, and custom visualizations.
  • Optimize Splunk performance, including index management, data retention policies, and search performance tuning.
  • Work with security and IT teams to integrate Splunk with other security tools such as SIEM, firewalls, and threat intelligence platforms.
  • Develop and implement log parsing, field extractions, and custom search-time transformations.
  • Create and maintain Splunk knowledge objects like lookup tables, event types, workflow actions, and macros.
  • Troubleshoot and resolve Splunk-related issues, ensuring system stability and performance.
  • Provide documentation, training, and support for Splunk users across different teams.
  • Stay updated on Splunk best practices, add-ons, and new feature releases.

Qualifications & Experience:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (preferred).
  • 1+ years of experience in Splunk implementation, administration, and optimization.
  • Strong expertise in Splunk SPL (Search Processing Language).
  • Experience with log collection, parsing, and normalization from various sources.
  • Knowledge of security frameworks and monitoring tools (SIEM, IDS/IPS, firewalls, etc.).
  • Familiarity with scripting languages like Python, Shell, or PowerShell for automation.
  • Experience with data onboarding via Universal Forwarders, Heavy Forwarders, Syslog, APIs, or DB Connect.
  • Hands-on experience with Splunk Enterprise Security (ES) or IT Service Intelligence (ITSI) is a plus.
  • Splunk certification (e.g., Splunk Certified Administrator, Splunk Certified Architect) is preferred.

Soft Skills:

  • Strong analytical and problem-solving skills.
  • Ability to work independently and in a team-oriented environment.

  • Excellent communication and documentation skills.