Strength. Care. Growth
You will know we are the right place for you, if you are driven by:
- Opportunities to learn and build your career.
- Meaningful work in a stable and fast-paced company.
- Diversity of people, projects, and platforms.
- A supportive, fun, and inspiring place to work.
?Role Overview:
Responsible for administering and engineering the Splunk Enterprise/SIEM platform by ensuring high availability, optimizing log ingestion, and leading upgrades, scaling, and data integration initiatives. The role also focuses on automation, data quality, and close collaboration with security teams to support detection capabilities and platform reliability.
Role insights:
- Maintain and enhance the Splunk Enterprise platform, including core components such as Search Heads, Indexers, Cluster Masters, and Deployment Servers to ensure high availability and reliability.
- Manage and optimize forwarder infrastructure (Heavy and Universal Forwarders) to support stable and efficient log ingestion across environments.
- Lead platform upgrades, scaling initiatives, and architectural improvements to support business growth and evolving security needs.
- Drive data onboarding and integration from cloud, on-premises, and hybrid sources while ensuring structured, high-quality, and CIM-compliant data.
- Develop automation scripts and engineering improvements (e.g., Python, Bash, Ansible) to streamline deployments, maintenance, and data onboarding workflows.
- Collaborate with SOC analysts, threat hunters, and detection engineers to ensure data readiness, troubleshoot platform issues, and contribute to internal engineering standards and best practices.
What makes you unique:
- Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.
- 3–5+ years of hands?on experience administering and engineering Splunk Enterprise/SIEM platforms.
- Strong hands-on experience with Splunk Enterprise as a platform engineer/admin.
- Expertise in: Deployment servers, Heavy forwarders, Parsing and filtering, TA/APP development, Data onboarding at scale.
- Solid understanding of: Linux, Networking fundamentals, Logging architectures.
- Scripting skills (Python preferred).
- Experience in cybersecurity/SIEM environments.
- Familiarity with cloud environments (especially Azure/M365) is a plus.
- Splunk certifications (Admin, Architect, Core, ES Analyst) are a strong advantage.
Job code: 10 - (Global Level)
Job classification: AIT070P210
