Splunk SIEM Engineer
A1 Bulgaria EAD
over 300 employees
Sofia, 51 B Cherni Vrah Blvd.; North Macedonia; Serb
full-time position

Job description

Strength. Care. Growth

You’ll know A1 Bulgaria is the right place for you if you are driven by:

  • Opportunities to learn and build your career;
  • Meaningful work in a stable and fast-paced company;
  • Diversity of people, projects, and platforms;
  • A supportive, fun, and inspiring place to work.

As a Splunk SIEM Engineer, you will be responsible for engineering, maintaining, and continuously improving our enterprise Splunk platform.
Your work will directly support our security operations by ensuring a reliable, scalable, and high-quality SIEM foundation.

Your daily routine would include:

  • Maintain and enhance the Splunk Enterprise platform, including core components such as Search Heads, Indexers, Cluster Masters, and Deployment Servers to ensure high availability and reliability.
  • Manage and optimize forwarder infrastructure (Heavy and Universal Forwarders) to support stable and efficient log ingestion across environments.
  • Lead platform upgrades, scaling initiatives, and architectural improvements to support business growth and evolving security needs.
  • Drive data onboarding and integration from cloud, on-premises, and hybrid sources while ensuring structured, high-quality, and CIM-compliant data.
  • Develop automation scripts and engineering improvements (e.g., Python, Bash, Ansible) to streamline deployments, maintenance, and data onboarding workflows.
  • Collaborate with SOC analysts, threat hunters, and detection engineers to ensure data readiness, troubleshoot platform issues, and contribute to internal engineering standards and best practices.

We’ll know you can make it if you have:

  • Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.
  • 3–5+ years of hands-on experience administering and engineering Splunk Enterprise/SIEM platforms.
  • Strong hands-on experience with Splunk Enterprise as a platform engineer/admin.
  • Expertise in: Deployment servers, Heavy forwarders, Parsing and filtering, TA/APP development, Data onboarding at scale.
  • Solid understanding of: Linux, Networking fundamentals, Logging architectures.
  • Scripting skills (Python preferred).
  • Experience in cybersecurity/SIEM environments.
  • Familiarity with cloud environments (especially Azure/M365) is a plus.
  • Splunk certifications (Admin, Architect, Core, ES Analyst) are a strong advantage.

Apply now! 
Every internal candidate will be invited for an interview.


Every colleague who has changed their position in the company will receive an individual bonus of 1000 euro for an educational course of their choice.
 
Refer a friend for this position and get a bonus of 500 euro under the Employee referral program!