Job Description
Overview
We are seeking an experienced Senior Splunk Engineer to take over and operate the on-premise Splunk SIEM platform. As part of the transition from Infosys, you will be responsible for stabilizing and continuously improving an existing enterprise-scale SIEM environment.
You will own all Splunk operations across Plan & Build, 24/7 Operations, Release & Patch Management, CIM-based Log Onboarding, Parser development, Hardening, Configuration Management, and Incident/Problem/Change processes.
Responsibilities
1. Plan & Build
- Perform CIM-compliant log onboarding, parser creation, documentation.
- Conduct onboarding due diligence and demand analysis.
- Create Firewall/VPN/Routing change requests and validate changes.
- Manage ingestion pipelines via Cribl, Syslog-ng (TLS), Splunk UF/HF, SCP.
- Deploy and scale Splunk components using Terraform and Ansible.
- Build trend and capacity analyses.
2. Operations (24/7 enterprise-grade operations)
- Ensure full Splunk platform operation, monitoring, performance, EPS/log flow.
- Handle Incidents, Service Requests, Changes, and Problems under MBG ITSM.
- Lead Major Incident Management (P1/P2) with 24/7 on-call rotation.
- Build and operate Health Check dashboards and QA reports.
3. Configuration & Release Management
- Implement approved changes across Splunk components.
- Perform daily configuration backups (KV stores, Apps, Configs).
- Maintain automation libraries (Terraform, Ansible, scripts).
- Manage Splunk patching and releases (maintain N-1 level).
- Support up to 12 minor and 1 major release per year.
4. Security, Hardening & Compliance
- System hardening and vulnerability remediation.
- Operate via secure access methods (Jump hosts, SuSSHi, 2FA).
- Conduct vulnerability scans and support SOC threat analysis.
- Automate SOP-based operational workflows.
5. Transition
- Take over existing MBG Splunk operations.
- Validate and enhance current configurations, parsers, and deployments.
- Ensure stability during transition and hypercare.
Requirements
Technical Skills
- 5–10 years Splunk/SIEM experience in large enterprises.
- Expertise in Splunk Architecture, CIM onboarding, parser development, Syslog-ng, certificates.
- Strong scripting: Terraform, Ansible, Bash/Python.
- Experience stabilizing existing SIEM environments.
Certifications (required)
Minimum two of:
- Splunk Core Certified User
- Splunk Core Certified Power User
- Splunk Enterprise Admin
- Splunk Enterprise Architect
- Optional: Splunk ES
Soft Skills
- Strong communication in enterprise environments.
- Clear documentation skills.
- Proactive, quality-driven work style.
- Fluent English (German beneficial).
Ready to Apply?
Don't miss this opportunity! Apply now and join our team.
Job Details
Publication Date:
February 28, 2026
Job Type:
Construction
Location:
Brazil
Company:
emagine