Job description
EPAM is seeking an experienced Splunk Engineer to build, optimize and maintain our Splunk Enterprise environment. The ideal candidate has deep expertise in Splunk architecture, Linux engineering, data ingestion pipelines, security controls and automation. You will play a critical role in shaping our logging and analytics capabilities, ensuring performance, scalability and resilience across the platform. The role requires working from our Eindhoven office 2 days a week.
Responsibilities
Build and deploy the end-to-end technical architecture of the Splunk platform, including search heads, indexers, ingestion tiers and supporting components
Build Splunk deployments based on Splunk Validated Architectures (SVA), ensuring resilience and scalability
Optimize and harden Linux-based Splunk infrastructure, including workload management and resource limits, OS hardening and kernel tuning, THP/swap settings, and filesystem layout and storage performance best practices
Establish and maintain ingestion pipelines using Universal Forwarders/Heavy Forwarders, HEC endpoints, syslog pipelines (SC4S, syslog-ng, rsyslog), API-based collectors and database inputs
Develop parsing and normalization models aligned with the CIM framework, including high performing accelerated data models
Design and optimize alerts, dashboards and health monitoring on Splunk
Integrate Splunk deployment workflows into CI/CD pipelines, enabling GitOps-based operations and automated configuration management
Requirements
5+ years hands-on Splunk Enterprise experience in administration, architecture or platform build roles
Proven delivery of greenfield builds or major re-platform projects
Strong proficiency with SPL and advanced search optimization, props/transforms, field extractions and parsing logic, CIM, data model acceleration and search performance tuning
Solid Linux (RHEL) administration skills including networking, storage, filesystems, system tuning and hardening
Experience with automation and at least one scripting language or tool: Bash, Python, Ansible (or similar tools), Git-based workflows and packaging Splunk apps/add-ons
Nice to have
Proven experience with multiple SIEM solutions
Hands-on experience with SIEM migration projects, including planning, execution and troubleshooting
SIEM-specific certifications such as Splunk Certified Architect, IBM QRadar Certification or ArcSight Certified Security Analyst
Security certifications such as CISSP, CEH, CompTIA CASP+ or GIAC are an advantage
We offer
26 paid holiday days
Disability insurance (WGA Shortfall insurance)
Long-term disability insurance (WIA Top up insurance)
EPAM Employee Stock Purchase Plan (ESPP)
Commuting to work - costs reimbursement
Laptop + corporate simcard + corporate mobile device (subject to certain eligibility requirements)
Bike lease
Employee Assistance Program
Corporate Programs including Employee Referral Program with rewards
Learning and development opportunities including in-house training and coaching, professional certifications, over 22,000 courses on LinkedIn Learning Solutions and much more
*All benefits and perks are subject to certain eligibility requirements
Job details
Publication date:
February 28, 2026
Job type:
Technology
Location:
Netherlands
Company:
EPAM Systems