Splunk Analyst - SOC Admin
Position summary:
The Splunk Administrator is responsible for managing and optimizing the organization's Splunk environment. This role involves configuring, maintaining, and troubleshooting Splunk systems, ensuring data integrity, and providing insights through Splunk dashboards and reports. The ideal candidate will have a strong background in IT and cybersecurity, with hands-on experience in Splunk administration.
Key Responsibilities:
Splunk Management and Administration:
- Perform sizing of the Splunk environment based on the customer's environment.
- Install, configure, and manage Splunk instances and clusters.
- Perform regular maintenance and updates to Splunk systems.
- Perform configuration of search heads, forwarders, and heavy forwarders.
- Ensure high availability and performance of Splunk environments.
Data Ingestion and Integration:
- Onboard data sources and configure data inputs.
- Develop and maintain data parsing and indexing processes.
- Integrate Splunk with various log sources and other monitoring tools.
- Develop apps to integrate unsupported devices and applications.
Monitoring and Troubleshooting:
- Monitor the health and performance of Splunk systems.
- Conduct regular performance tuning, capacity planning, and system audits.
- Troubleshoot and resolve Splunk-related issues.
- Perform root cause analysis for system failures and performance issues.
Security and Compliance:
- Implement and maintain security best practices within the Splunk environment.
- Ensure compliance with relevant regulatory requirements and internal policies.
- Develop and enforce Splunk access controls and user permissions.
Dashboard and Report Development:
- Create and maintain custom dashboards, alerts, and reports.
- Work with stakeholders to identify requirements and deliver actionable insights.
- Optimize searches and reports for performance and efficiency.
Documentation, Training and Support:
- Document system configurations, SOPs, and troubleshooting procedures.
- Provide training and guidance to Level 1 and Level 2 support staff.
- Collaborate with IT and security teams to ensure seamless integration of Splunk.
- Keep documentation up-to-date with changes and best practices.
Other Knowledge Base:
- Should possess hands-on knowledge with Linux OS & Windows OS.
- Should have basic to intermediate-level networking knowledge.
- Possess knowledge in scripting like Python.
- Good to have knowledge of AWS, Azure, or GCP.
Required Qualification & Expertise:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Proven experience as a Splunk Administrator or similar role.
- Expertise in managing Splunk Enterprise, Splunk Cloud, and associated apps.
- Strong understanding of Splunk architecture, components, and configurations.
- Proficiency in Splunk Search Processing Language (SPL).
- Experience with data ingestion, parsing, and indexing in Splunk.
- Knowledge of IT infrastructure, networking, and cybersecurity principles.
- Excellent problem-solving skills and attention to detail.
- Strong communication and interpersonal skills.
Preferred Qualifications:
- Splunk Core Certified Power User, Splunk Enterprise Certified Admin or Splunk Certified Architect certification.
- Experience with scripting languages (e.g., Python, Bash) for automation.
- Familiarity with other SIEM tools and security technologies.
- Experience in a regulated industry (e.g., finance, healthcare).