Overview
We are seeking an experienced Senior Splunk Engineer to take over and operate the on-premises Splunk SIEM platform. As part of the transition from Infosys, you will be responsible for stabilizing and continuously improving an existing enterprise-scale SIEM environment.
You will own all Splunk operations across Plan & Build, 24/7 Operations, Release & Patch Management, CIM-based log onboarding, parser development, hardening, configuration management, and the Incident/Problem/Change processes.
Responsibilities
1. Plan & Build
Perform CIM-compliant log onboarding, parser creation and documentation.
Conduct onboarding due diligence and demand analysis.
Create firewall/VPN/routing change requests and validate the implemented changes.
Manage ingestion pipelines via Cribl, Syslog-ng (TLS), Splunk Universal and Heavy Forwarders (UF/HF), and SCP.
Deploy and scale Splunk components using Terraform and Ansible.
Build trend and capacity analyses.
2. Operations (24 / 7 enterprise-grade operations)
Ensure end-to-end Splunk platform operation: availability monitoring, performance, and EPS/log-flow tracking.
Handle Incidents, Service Requests, Changes, and Problems under the MBG ITSM process.
Lead Major Incident Management (P1/P2) as part of a 24/7 on-call rotation.
Build and operate Health Check dashboards and QA reports.
3. Configuration & Release Management
Implement approved changes across Splunk components.
Perform daily configuration backups (KV Store, apps, configuration files).
Maintain automation libraries (Terraform, Ansible, scripts).
Manage Splunk patching and releases (keep the platform no older than N-1).
Support up to 12 minor and 1 major release per year.
4. Security, Hardening & Compliance
System hardening and vulnerability remediation.
Operate via secure access methods (jump hosts, SuSSHi, 2FA).
Conduct vulnerability scans and support SOC threat analysis.
Automate SOP-based operational workflows.
5. Transition
Take over existing MBG Splunk operations.
Validate and enhance current configurations, parsers, and deployments.
Ensure stability during transition and hypercare.
Requirements
Technical Skills
5–10 years of Splunk/SIEM experience in large enterprises.
Expertise in Splunk architecture, CIM onboarding, parser development, Syslog-ng, and certificate management.
Strong infrastructure-as-code and scripting skills: Terraform, Ansible, Bash/Python.
Experience stabilizing existing SIEM environments.
Certifications (required)
Minimum two of:
Splunk Core Certified User
Splunk Core Certified Power User
Splunk Enterprise Certified Admin
Splunk Enterprise Certified Architect
Optional: Splunk Enterprise Security (ES)
Soft Skills
Strong communication in enterprise environments.
Clear documentation skills.
Proactive, quality-driven work style.
Fluent English (German beneficial).
Senior Splunk Engineer • Cabedelo, Paraíba, Brazil