Responsibilities
• Design, deploy, and manage scalable and fault-tolerant Splunk environments, including forwarders, indexers, search heads, and deployment servers. Define best practices for deploying large-scale Splunk environments, ensuring high availability, load balancing, and disaster recovery strategies.
• Architect and manage data pipelines to ingest large volumes of data from disparate sources, such as system logs, network traffic, applications, cloud platforms, IoT, and custom data sources. Ensure efficient data parsing, field extraction, and transformation.
• Lead capacity planning efforts, defining scaling strategies for hardware and storage to meet growing data volumes and query demands, ensuring minimal resource utilization while maintaining performance.
• Establish best practices for data onboarding, parsing, and indexing to optimize performance and storage.
• Lead the integration of Splunk with other IT systems, including cloud platforms, security solutions, and third-party tools.
• Lead the creation and optimization of Splunk data models, ensuring efficient data storage, retrieval, and searchability. Implement CIM (Common Information Model) and work with data normalization strategies.
• Implement complex data transformation, parsing, and enrichment strategies through heavy forwarders, Universal Forwarders, and intermediate processing layers. Build custom field extractions and modular inputs to adapt Splunk for specific business use cases.
• Design and enforce data governance practices around data retention, access control, and compliance regulations. Ensure all sensitive data is handled appropriately using encryption and other security protocols. Collaborate with the security team to implement security monitoring and event management best practices in Splunk.
• Lead the implementation of machine learning algorithms within Splunk to enhance anomaly detection, predictive maintenance, and operational efficiency. Design and implement AI/ML models in Splunk ITSI (IT Service Intelligence) and Splunk UBA (User Behaviour Analytics).
• Automate common tasks such as data ingestion, search execution, and reporting through Splunk’s REST APIs, and integration with DevOps tools and automation platforms. Implement configuration management with tools like Ansible, Puppet, or Chef for deploying and maintaining Splunk environments.
• Develop and maintain comprehensive monitoring solutions for Splunk infrastructure to ensure uptime and identify bottlenecks, security risks, and failures. Implement proactive measures to mitigate potential disruptions.
• Provide technical leadership, mentorship, and training for Splunk engineers, administrators, and developers. Share knowledge across teams and elevate the technical capabilities of the organization.
• Enhance Splunk SIEM Platform with best practices.
• Work closely with cross-functional teams, including security operations, IT, DevOps, and business analysts, to understand their requirements and tailor Splunk solutions to meet business objectives. Collaborate with executive leadership to define long-term strategic goals for data analytics and observability using Splunk.
• Lead complex projects related to the architecture, design, and deployment of Splunk environments, ensuring that deliverables are on time, within scope, and aligned with business requirements.
• Good to have: knowledge of Splunk models like SignalFx and Grafana.
Requirements
• We are seeking an experienced Senior Splunk Developer & Admin for the design, implementation, and management of Splunk solutions across our Platform.
• The ideal candidate will have a deep understanding of Splunk architecture, data ingestion strategies, search optimization, and dashboard creation to support critical business needs.
• This role requires a hands-on expert with the ability to define and execute a scalable, secure, and efficient Splunk environment.