Splunk Enterprise Security (ES) Certified Admin – Remote (USA) at Cywarden Inc
Remote, Oregon, USA
Full Time


Start Date: Immediate
Expiry Date: 28 Nov, 25
Salary: 45.0
Posted On: 28 Aug, 25
Experience: 5 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Python, CIM, Communication Skills, Data Modeling, Government, Finance, Bash, PowerShell, Dashboards, Enterprise Security, Cloud, Azure, SPL, Automation, AWS
Industry: Information Technology/IT

Description

SPLUNK ENTERPRISE SECURITY (ES) CERTIFIED ADMIN – REMOTE (USA)

Location: Remote (USA only)
Eligibility: U.S.-based candidates only
Experience Required: 8+ years (minimum 5+ years in Splunk administration)
Certification: Splunk Enterprise Security (ES) Certified Admin – Mandatory
Job Type: Full-time / Contract

ABOUT US

We are a global cybersecurity and IT consulting organization, trusted by Fortune 500 companies and large enterprises worldwide. Our expertise spans threat detection, SIEM, SOC operations, and advanced monitoring solutions.
We are currently hiring a Splunk Enterprise Security (ES) Certified Admin for one of our esteemed clients in the U.S. This role is fully remote and offers an opportunity to work on enterprise-scale security operations in a dynamic and challenging environment.

REQUIRED QUALIFICATIONS

  • ✅ Splunk Enterprise Security (ES) Certified Admin (mandatory)
  • 8+ years of IT/security experience with minimum 5+ years in Splunk administration
  • Strong knowledge of Splunk Enterprise and Splunk ES architecture, clustering, and scaling
  • Proficiency in SPL (Search Processing Language) for advanced queries and dashboards
  • Experience with CIM, field extractions, and security data modeling
  • Familiarity with cloud (AWS, Azure, GCP) and hybrid environments
  • Scripting experience (Python, Bash, PowerShell) for automation and integrations
  • Excellent analytical, troubleshooting, and communication skills
  • Must be U.S.-based and authorized to work in the United States

PREFERRED SKILLS

  • Experience with Splunk SOAR / Phantom
  • Exposure to threat intelligence platforms and SIEM integrations
  • Prior experience in regulated industries (finance, healthcare, government, etc.)

HOW TO APPLY

If you are a Splunk Enterprise Security (ES) Certified Admin with 8+ years of experience and are looking for your next exciting challenge, we encourage you to apply with your updated resume. Please include details of your Splunk ES certification and relevant project experience.
Job Types: Full-time, Contract
Pay: $37.37 - $45.00 per hour

License/Certification:

  • Are you Splunk ES Certified Admin? (Required)

Work Location: Remote

Responsibilities

ROLE OVERVIEW

The Splunk ES Certified Admin will be responsible for end-to-end administration and optimization of Splunk Enterprise Security (ES). This includes managing large-scale deployments, onboarding data sources, fine-tuning correlation searches, and supporting SOC teams to enhance threat detection and response capabilities.
This is a senior-level position that requires hands-on expertise, strong problem-solving skills, and proven experience in Splunk ES administration.

KEY RESPONSIBILITIES

  • Administer, configure, and maintain Splunk Enterprise Security (ES) across enterprise environments.
  • Onboard diverse log sources, normalize data (CIM compliance), and ensure consistent data ingestion.
  • Implement and optimize correlation searches, dashboards, risk-based alerting, and security use cases.
  • Monitor and troubleshoot Splunk ES performance, scaling, and clustering.
  • Manage license usage, upgrades, patching, and app/add-on integrations.
  • Collaborate with SOC analysts, threat hunters, and security engineers to strengthen detection and response.
  • Ensure Splunk ES aligns with industry security frameworks (NIST, MITRE ATT&CK, PCI DSS, ISO 27001, etc.).
  • Provide documentation, SOPs, and knowledge transfer for client-side teams.