Splunk Architecture & Implementation:
- Design, deploy, and optimize Splunk Enterprise and Splunk Cloud environments.
- Lead end-to-end Splunk implementations, migrations, and upgrades.
- Manage search head clustering, indexer clustering, and data retention policies.
Security & Observability Solutions:
- Architect and configure Splunk Enterprise Security (ES), Splunk UBA, and ITSI.
- Implement risk-based alerting (RBA), custom correlation searches, and advanced analytics.
- Integrate Splunk with SOAR, cloud platforms (AWS, Azure, GCP), and third-party security tools.
Team Leadership & Customer Engagement:
- Lead and mentor a team of Splunk Administrators & Engineers.
- Interact with customers to gather requirements, design solutions, and conduct workshops.
- Review and improve Splunk use cases, dashboards, and data models.
Optimization & Automation:
- Develop custom scripts (Python, Bash, PowerShell) for automation and orchestration.
- Tune Splunk performance, search queries, and indexing strategies.
- Implement best practices for data onboarding, parsing, and CIM compliance.
Must-Have Skills:
- 7+ years of hands-on Splunk experience, including Enterprise Security, UBA, and ITSI.
- Strong expertise in Splunk architecture, data ingestion, parsing, and CIM mapping.
- Deep understanding of SIEM, threat intelligence, and security analytics.
- Proven ability to lead technical teams and drive complex Splunk deployments.
- Strong communication skills, with the ability to present and explain Splunk solutions and technical terms to customers.
- Splunk Certifications (Splunk Architect, Splunk ES Admin, Splunk Core Consultant, ITSI Certified Admin).
- Exposure to machine learning models, anomaly detection, and advanced analytics in Splunk.