Splunk Administrator

The Splunk Administrator is responsible for the administration, configuration, optimization, and support of Splunk enterprise environments. The role ensures that log ingestion, parsing, indexing, searching, alerting, dashboards, and integrations run smoothly across the organization. The administrator will work closely with InfoSec, Infrastructure, DevOps, and Application teams to ensure complete visibility, accurate monitoring, compliance, and operational effectiveness.

Responsibilities

• Administer and maintain Splunk Enterprise components, including Search Heads, Indexers, Cluster Master, Deployment Server, and Forwarders
• Manage and optimize data ingestion, parsing, indexing, and field extractions (props & transforms)
• Monitor, troubleshoot, and enhance Splunk infrastructure performance, scalability, and availability
• Manage Splunk apps, add-ons, integrations, and perform upgrades, patching, and backup/recovery
• Onboard new log sources and configure inputs, indexes, and source types
• Ensure data integrity, completeness, normalization, and CIM compliance
• Develop and maintain dashboards, alerts, reports, and saved searches
• Optimize SPL queries for performance and efficient resource utilization
• Support correlation searches, security use cases, and compliance reporting
• Provide L2/L3 support for incidents, including troubleshooting forwarders, parsing issues, and indexing delays
• Monitor system health, storage utilization, and license usage
• Manage forwarder deployments via Deployment Server or configuration tools
• Ensure adherence to security standards, internal controls, and best practices
• Maintain documentation including architecture diagrams, procedures, and playbooks
• Support audits and compliance initiatives (ISO, SOC, PCI, etc.)
• Collaborate with InfoSec, SOC, GRC, DevOps, and Infrastructure teams to support monitoring and observability needs
• Coordinate with vendors and support teams to resolve complex issues.

Requirements

• Hands-on experience with Splunk Enterprise and/or Splunk Cloud
• Strong knowledge of SPL (Search Processing Language)
• Experience with Linux/Unix systems and shell scripting
• Understanding of networking fundamentals (TCP/IP, firewalls, load balancers)
• Experience working with log formats such as JSON, XML, syslog, and Windows EVTX
• Familiarity with security frameworks such as MITRE ATT&CK, NIST, and ISO 27001
• Knowledge of scripting languages such as Python or Bash is an advantage
• Strong analytical and troubleshooting skills
• Ability to manage multiple tasks independently in a structured environment
• Effective communication skills with both technical and non-technical stakeholders
• Detail-oriented with strong documentation practices
• Experience working within SLA-driven environments and governance frameworks
• Strong collaboration skills and adaptability to changing priorities
• Splunk certifications (Power User, Admin, or Architect) preferred
• Experience with cloud platforms (AWS, Azure, GCP) preferred
• Familiarity with SIEM/SOAR concepts and ITIL processes is a plus