Educational requirements: Bachelor
English requirements: Competent English
Skilled employment experience required: 1-3 years
Required residence status: Temporary visa, Permanent resident, Citizen
Remote work: not accepted
Position Summary:
A Splunk Engineer/Administrator is needed to develop and grow our Splunk environment, work with infrastructure and application teams not yet familiar with Splunk, manage clusters, data onboarding, incident management and dashboard work, and manage the Cribl environment. This position will work closely with Infrastructure, Application, Network, Security, and Business Intelligence teams getting started with Splunk.
Mandatory Skills:
- Provide end-to-end technical oversight across all aspects of Splunk technology, including add-ons, knowledge objects, correlation searches and the CIM
- Monitor and maintain Splunk performance, availability, and capacity
- Support large-scale deployments with data feeds from multi-tier deployments in on-premises data centers
- Manage the Cribl node and all Cribl data ingestion
- Manage all Splunk premium apps such as ITSI, Splunk ES, Splunk UBA and predictive analysis use cases
- Release and patch upgrades of Splunk UBA on various servers
- Versed in Splunk knowledge objects, saved searches, and report/alert development
- Manage the data onboarding flow: inputs (inputs.conf), parsing (props.conf and transforms.conf), indexing (indexes.conf) and searching (props.conf and transforms.conf)
- Create data summaries (summary indexes, report acceleration and data model acceleration); extensive use of Splunk knowledge objects and components; implement platform best practices
- Maintain regulatory awareness and compliance
- Platform upgrades with ~150 apps installed in the platform, which also require updates
- Identify badly written queries and fine-tune them to consume fewer server resources; modify data models, knowledge objects, etc.
- Develop Ansible playbooks for automation use cases
- Manage HEC, rsyslog, syslog-ng, net-snmp (version 3) and DB Connect
- Support development of scripts (Python, JavaScript, etc.) as needed for data collection or integration
- Manage AWS/Azure platforms (create EC2 instances and integrate all log types (CloudWatch, description, Kinesis) into Splunk)
Duties and Responsibilities:
- Manage multi-site and single-site clusters; troubleshoot and resolve issues on indexers and search heads
- Monitor Splunk clusters, heavy forwarder (HF) status, ES, ITSI, and UBA; troubleshoot and resolve any issues, and keep the platform stable and clean at all times
- Develop scripts to automate tasks and manipulate data
- Manage Cribl worker nodes and the leader node; build new worker nodes as required, configure the data flow mechanism, and onboard new data sources using Cribl
- Fluent with Linux OS, including knowledge of applications such as rsyslog, syslog-ng and net-snmp
- Able to create correlation searches for security use cases, troubleshoot notable event creation, and provide support for other security applications in Splunk
- Manage data onboarding requests and apply the best onboarding technique for each source
- Engage application and infrastructure teams to establish best practices for utilizing Splunk data and visualizations
- Track work effectively under SLAs
- Be a Splunk Search Processing Language (SPL) expert and work on event management integration