Overview
We are seeking a skilled Splunk Engineer with strong administration and operational experience to design, implement, and maintain Splunk infrastructure and analytics solutions. The ideal candidate will have hands-on expertise in Splunk Enterprise / Enterprise Security (ES), data onboarding, dashboard creation, alert tuning, and system administration.
This role bridges engineering, operations, and security analytics, ensuring Splunk runs optimally while delivering actionable insights.

Key Responsibilities

  • Design, deploy, and maintain Splunk environments (indexers, search heads, forwarders, deployment servers, cluster masters).
  • Create and optimize SPL queries, dashboards, reports, and alerts for operational visibility and threat detection.
  • Develop and automate data onboarding pipelines from diverse sources (syslog, cloud, API, EDR tools).
  • Integrate Splunk with SIEM/SOAR platforms, cloud services (AWS, Azure, GCP), and endpoint security tools.
  • Support use case development for security monitoring and compliance (SOC, IT Ops, or DevOps).
  • Perform installation, configuration, and upgrade of Splunk components.
  • Manage user roles, authentication, and access control (RBAC).
  • Monitor system health, indexing performance, and data retention policies.
  • Handle license management, data optimization, and troubleshooting.
  • Conduct backup, recovery, and disaster recovery planning for Splunk infrastructure.

Security & Operations

  • Collaborate with SOC Analysts to build and tune correlation searches.
  • Ensure data integrity, confidentiality, and compliance with security standards (SOC 2, ISO 27001, NIST).
  • Participate in incident response and threat analysis leveraging Splunk dashboards.
  • Automate repetitive tasks using scripts (Python, Bash, PowerShell) and APIs.

Required Skills & Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or related field.
  • 3+ years of experience in Splunk engineering or administration.
  • Proficiency in Splunk Enterprise / ES, SPL scripting, and data onboarding.
  • Experience managing Splunk clusters, indexing, and search head configurations.
  • Strong understanding of log parsing, data normalization, and regex extractions.
  • Familiarity with Linux/Windows administration and network security concepts.
  • Experience with security frameworks (NIST, MITRE ATT&CK, SOC2, PCI-DSS).
  • Scripting skills in Python, Shell, or PowerShell.
  • Excellent problem-solving and analytical skills.

Preferred Qualifications

  • Splunk Certifications:
      ◦ Splunk Core Certified Power User
      ◦ Splunk Enterprise Certified Admin
      ◦ Splunk Enterprise Security Certified Admin
  • Knowledge of cloud-based Splunk (Splunk Cloud, AWS, Azure integrations).
  • Experience working in a Security Operations Center (SOC) environment.

Job Type: Full-time

Ability to commute/relocate:

  • Muscat: Reliably commute or planning to relocate before starting work (Required)

Application Question(s):

  • What is your current monthly salary?
  • What is your expected monthly salary?
  • What is your notice period?

Education:

  • Bachelor's (Required)

Experience:

  • Splunk Engineer: 4 years (Required)

© 2025 Qureos. All rights reserved.