Splunk Enterprise Security (ES)

• Install, configure, and manage Splunk environments (on-prem/cloud).
• Maintain and optimize Splunk architecture, indexers, forwarders, and search heads.
• Develop and manage custom Splunk apps, dashboards, alerts, and reports.
• Create and tune Enterprise Security (ES) correlation searches, dashboards, and security content.
• Ingest and normalize logs from various sources using CIM (Common Information Model).
• Work closely with Security Operations and Engineering teams to define use cases and detection logic.
• Perform upgrades, patching, and troubleshooting of Splunk and ES apps.
• Monitor Splunk performance and ensure high availability and reliability.

• Experience as a Splunk Admin/Developer in enterprise environments.
• Strong experience with Splunk Enterprise Security (ES) content development.
• Expertise in SPL (Search Processing Language).
• Experience with log onboarding and CIM normalization.
• Knowledge of security concepts (SIEM, SOC operations, MITRE Telecommunication&CK).
• Familiarity with scripting languages (Python, Bash) for automation.
• Splunk certifications preferred (e.g., Power User, Admin, Architect, ES).

• Experience integrating Splunk with threat intelligence platforms and SOAR.
• Knowledge of AWS/GCP/Azure logging and monitoring.
• Strong problem-solving and performance tuning skills.

Diverse Lynx