Splunk Engineer/Administrator

Job Title: Splunk Engineer/Administrator

Location: San Antonio, TX / Irvine, CA Onsite(Need only locals)
Exp:12+
Visa: USC or GC



Qualifications:

· 10+ years of overall IT experience.

· 3+ years’ experience in managing, designing, configuring Splunk environment (both on-prem and cloud)

· 3+ years’ experience in Linux environment including administration, scripting, or supporting applications.

· Experience with Splunk Enterprise Security Premium Application and Splunk Enterprise.

· Experience in requirement gathering and documentation.

· Experience in developing and supporting Splunk Applications.

· Experience in automation with programming languages like Python, JAVA, .Net, Ansible is a plus.

· Experience in technologies like GIT, JIRA, Automation Testing.

· Familiarity with Phantom, Cloud computing, Web Interfaces, Databases, Big Data technologies (like Hadoop, Kafka etc.)

· Understanding of Continuous Delivery and Continuous Integration.

· Splunk Admin Certification is mandatory.

· Excellent communication and interpersonal skills.

· Splunk core admin experience is mandatory.



Responsibilities:

· Support, admin, maintain, and expand Splunk infrastructure to meet future architecture design and deployment requirements.

· Develop distributed Splunk applications, including requirement gathering, coordinating Splunk setup.

· Recommended Splunk implementation best practices and fixes.

· Design, implement, and optimize Splunk applications (to include Enterprise Security), queries, knowledge objects, and data models.

· Perform basic and advanced scripting tasks with Splunk to automate repeatable processes using Python.

· Deploy Best Practices for developing Splunk Apps and create conceptual architecture for continuous improvement initiative.

· Provide Impact assessment for migration efforts.

· Support Performance Testing and User Acceptance Testing.

· Design and implement Custom Searches and reports.

· Build proof of concepts for Splunk enhancements.

· Tuning information model, defining reusable templates.

· Define reusable view templates, and retention & archival policies.

· Provide Impact assessment for migration efforts and coordinate migration activities .



Nice to Have:

· Experience in Security information and event management (SIEM).

· Experience with RTIR.

· Certifications in Splunk, CISSP or similar.