Job Title : Splunk Engineer / Admin
Experience : 6-8 Years
Job Type : Permanent
Qualification : Any Graduate (Full Time)
Work Schedule : This is a 24x7 support team. Ideal candidate would be willing to work night and weekend shifts
Job Summary :
Provide overall engineering and design support for a very large distributed state of the art Splunk environment.
The Splunk Engineer / Admin would be responsible for enhancing the architecture, performance tuning and Operational support in prod and non-prod environments.
The candidate should be familiar with recognizing and onboarding new applications into Splunk, perform trend analysis, build dashboards and make :
Develop distributed Splunk applications, including requirement gathering, coordinating Splunk setup
Support, maintain and expand Splunk infrastructure to meet future architecture design and deployment requirements
Perform basic and advanced scripting tasks with Splunk to automate repeatable processes using Python
Design, implement and optimize Splunk applications (to include Enterprise Security), queries, knowledge objects, and data models.
Develop new dashboards, searches, and alerts to enhance Enterprise Security use cases.
Deploy Best Practices for developing Splunk Apps and create conceptual architecture for a continuous improvement initiative
Provide Impact assessment for migration efforts.
Support Performance Testing and User Acceptance Testing
Design and implement Custom Searches and reports
Build PoCs for Splunk enhancements
Tuning information model, defining reusable templates
Define reusable view templates, and retention & archival policies
Provide Impact assessment for migration efforts, and coordinate migration activities
3 years experience in Managing, Designing, Configuring Splunk environment.
3 years experience in Unix environment including Administration, Scripting or Supporting applications.
Experience in managing a large distributed Splunk environment consisting of Search heads, Indexers, Cluster masters, Deployers, Deployment Servers, and Heavy / Universal forwarders
Experience in Syslog, Splunk HTTP Event Collection (HEC) and Windows Event Collection Services.
Experience in Developing Splunk Dashboards, Reports, Alerts, Visualizations and Optimize searches
Experience in Log parsing, lookups, calculated fields, extractions using regex
Experience with one or more of the Splunk applications like DBConnect, ServiceNow, AWS, Azure, Kafka.
Experience in Splunk ITSI Module and Phantom will be added advantage.
Experience with Splunk Enterprise Security Premium Application.
Experience in requirement gathering and documentation.
Experience in automation with programming languages like Python, JAVA, .Net, XML, HTML.
Knowledge and Experience in GIT, Bitbucket, Bamboo, Ansible, Chef, JIRA
Familiarity with network topology, UDP, TCP, Proxys, Firewalls, Routers, and Switches.
Familiarity with Phantom, Cloud computing, Web Interfaces, Databases, and Big Data technologies (like Hadoop, Kafka, etc.).
Understanding of CI / CD.
Experience in coordinating with offshore support teams / virtual teams.
Excellent communication and interpersonal skills.
Nice to have experience in Security information and event management (SIEM).
Nice to have experience with RTIR
Inviting applications from qualified candidates and those who can join within 30 days of the offer.