You will design, deploy, and manage scalable Splunk and SIEM architectures.
Responsibilities
Design and implement scalable SIEM architectures, including backend operations for Universal Forwarders, Heavy Forwarders, Search Heads, and Indexer Clusters.
Manage log collection, parsing, normalization, and retention practices to ensure data integrity.
Execute log and license optimization strategies to improve efficiency and reduce costs.
Integrate Splunk infrastructure with third-party observability tools like ELK or DataDog.
Identify security and non-security logs to apply appropriate filtering and re-routing logic.
Produce technical documentation including HLD, LLD, implementation guides, and operation manuals.
Required Skills
10+ years of experience in Splunk architecture and backend operations.
Expertise in Splunk SIEM and log management.
Advanced Linux administration skills.
Proficiency with Syslog and network architecture components.
Strong scripting skills in Python, PowerShell, or Bash for task automation.
Experience with data parsimony and compliance with security standards.
Any Graduate degree.
Preferred Skills
Experience with open source SIEM or log storage solutions such as ELK or DataDog.