QSOC Engineering - Splunk Administrator and Developer

Information Technology Requisition ID 6131 India


Job Description - In this role, you will be responsible for supporting the Splunk automation for various infrastructure metrics and big data analysis, and for supporting the Splunk environment. As a Splunk administrator and developer, you will play a key role in the analysis and reporting of issues from various data sources and in automation.

Responsibilities -

  • Design strategies for ingesting, normalizing, correlating, and reporting on large data sets
  • Understand business needs to explore large data sets and create new and innovative reports
  • Expert in writing Splunk Processing Language (SPL), able to design and customize complex search queries
  • Create reports to meet specific stakeholder requirements
  • Optimize Splunk data models, summary indexes, and searches for performance
  • Develop custom Splunk apps, dashboards, technical add-ons, and custom search commands.

Qualifications we seek in you! Minimum qualifications -

  • Working experience with SIEM, UEBA and XDR solutions such as Splunk, QRadar, Securonix, Elastic, etc.
  • Development experience, with relevant experience in Splunk development and related platforms
  • Superior analytical and problem-solving skills
  • Relevant years of experience with Splunk ES
  • Expert in Splunk Processing Language (SPL), able to design and customize complex search queries
  • Able to optimize queries and use data models and summary indexes appropriately to ensure searches run in the most efficient and cost-effective way
  • Proficient in Splunk Knowledge Objects, having developed multiple complex Splunk dashboards, reports and alerts
  • Proficient in Splunk Advanced Dashboarding skills
  • Good understanding of SIEM architecture, log ingestion, indexing, parsing
  • Familiar with Splunk Monitoring and deployment tools and Splunk standards
  • Proficient in parsing, indexing and searching concepts such as hot, warm, cold and frozen bucketing
  • Experience in the design, development, integration, testing and implementation of large-scale analytical data sets in Splunk
  • Define, maintain, and enforce best practices for the Splunk practice
  • Produce metrics for platform performance, capacity, user management
  • Periodically develop and maintain support documentation for technical add-ons
  • Help the team with analyzing, identifying, and tuning user applications/dashboards for performance
  • Act as a subject matter expert for the Splunk developer community
  • Strong knowledge of and experience with scripting languages such as Python, Bash and PowerShell
  • Good understanding of log collection methodologies and aggregation techniques such as syslog-ng, Windows Event Forwarding, API-based log collection, etc.
  • Experience in creating security use cases, dashboards and reports on SIEM platforms

Preferred qualifications -

  • Working knowledge of cloud technologies such as AWS, Azure, GCP, OCI
  • Knowledge of IT production operations is desired
  • Experience with Splunk on a large enterprise level with distributed Splunk Architecture
  • Help define the change governance process and help customers adhere to governance practices
  • Ability to apply the change management process; practical working skillset grounded in industry best practices
  • Understanding of REST APIs and their interaction with devices and systems
  • Understanding of security solutions such as EDR, antivirus, email security, firewalls, WAF, HIDS, IPS, etc.
  • Ability to communicate effectively with audiences at all levels of the organization
  • Understanding of distributed architecture

EEO Employer/Vet/Disabled