Splunk Enterprise Security Admin at Cywarden Inc
Remote, Oregon, USA - Full Time


Start Date

Immediate

Expiry Date

28 Nov, 25

Salary

0.0

Posted On

28 Aug, 25

Experience

3 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Python, Cissp, Phantom, Powershell, Azure, Cisa, Nist, Iso

Industry

Information Technology/IT

Description

JOB OVERVIEW

We are looking to hire a Splunk Enterprise Security (ES) Certified Admin who will be responsible for managing and optimizing our Splunk ES platform and core infrastructure. The role involves end-to-end administration including installation, upgrades, scaling, and ensuring high availability.

REQUIRED QUALIFICATIONS:

  • Splunk Enterprise Security Certified Admin certification (Mandatory).
  • 3+ years of experience in SOC/SIEM administration with Splunk ES.
  • Strong knowledge of Splunk Core concepts, search processing, data onboarding, and administration (Enterprise/Cloud).
  • Experience configuring, tuning, and troubleshooting correlation searches, alerts, and dashboards.
  • Proficiency with Linux/Unix environments and basic scripting (Python, Shell, or PowerShell).
  • Strong analytical, troubleshooting, and problem-solving skills.

PREFERRED QUALIFICATIONS:

  • Splunk Core Certified Power User / Advanced Power User / Admin / Architect.
  • Splunk Certified Cybersecurity Defense Analyst.
  • Experience with Splunk ES-SOAR integrations (Phantom, XSOAR, etc.).
  • Knowledge of cloud-hosted Splunk (AWS, Azure, GCP).
  • Familiarity with enterprise security frameworks (MITRE ATT&CK, NIST, ISO 27001).
  • Experience working with cross-functional SOC and security engineering teams.
  • CISSP, CEH, CISA or similar certification.

Job Type: Full-time

License/Certification:

  • Splunk Enterprise Security Admin Certification (Required)

Work Location: Remote

Responsibilities

  • Administer, configure, and maintain Splunk Enterprise Security (ES) application and core Splunk infrastructure (indexers, search heads, forwarders).
  • Install, upgrade, and optimize Splunk ES platform ensuring availability, scalability, and performance.
  • Configure and tune correlation searches, risk-based alerting (RBA), dashboards, and security use cases to support SOC operations.
  • Manage ES data models, CIM compliance, threat intelligence feeds, and data normalisation.
  • Onboard and parse data sources, create field extractions, and optimize ingestion pipelines.
  • Develop and enhance security detections, dashboards, and incident response workflows aligned with SOC requirements.
  • Collaborate with SOC analysts and stakeholders to deploy detection logic, threat hunting dashboards, and escalation rules.
  • Support incident detection, investigation, and response workflows, reducing false positives and fine-tuning detection content.
  • Integrate Splunk ES with SOAR, IAM, and other enterprise security solutions to enable automation and orchestration.
  • Perform advanced troubleshooting for ingestion, search performance, and platform-related issues.
  • Automate administrative tasks using scripting (Python, Shell, PowerShell).
  • Ensure compliance with security frameworks (MITRE ATT&CK, NIST, ISO 27001) and support audit/reporting requirements.