Role and Responsibilities :

Softility Inc. seeks a potential Splunk consultant with minimum 5-6 years of experience focused on Splunk Core responsibilities like architecting Splunk Enterprise set-up and managing the high availability.

This role will join the Softility - Observability & Cloud Solutions Practice that is responsible for managing the Multi tenancy Splunk & Cribl Enterprise of reputed clients with vast infrastructure located in various locations across the globe. This is a strategic position and will be instrumental in the design, implementation, support, performance, optimization and integrity of the Logging ecosystem. You will work closely with multiple stakeholders and global partners.

This is a multi-disciplinary role that will interact directly with developers and different IT functions including Security Engineering teams to :

- Integration of various applications and databases to Splunk Enterprise.

- Analyze the existing Splunk set-up to assess the data flow from log sources.

- Identify the data size inflow to Splunk & Cribl and charter action plan for optimization of data.

- Analyze the required Splunk & Cribl specifications to set up seamless logging flow for Greenfield regions.

- Independently manage and execute the one-time set up and administer the on-going activities.

- Configure Index and Search Head clustering and integrate with Enterprise Security Search heads.

- Configure Cribl workers and leader to ensure log ingest from sources flow through Cribl stream with necessary optimization filtering across the pipelines.

- Enable connectivity between multi tenancy Splunk and Cribl for seamless InfoSec monitoring.

- Review and identify the noise and unwanted log flow ingest and prepare the estimates for Leadership review

- Clearly communicate the risk stakes and business impact that may occur in infrastructure changes.

- Brainstorm on the probable approaches and best practices in Logging implementations.

- Handle change management and work as On-Call if required.

Must Have :

- Minimum 3 years of experience in Splunk real-time deployments and configuration of Cribl worker nodes and filtering.

- Minimum 3 years of experience in Splunk Administration and operational support.

- Hands on experience in using version control tools such as Git/GitHub.

- Hands on with log management systems like syslog-ng or rsyslog.

- Intermediate or advanced level in any scripting or Python languages.

- Experienced in working with business partners to gather and interpret requirements

- Effective documentation, communication, and interpersonal skills able to collaborate within the immediate team as well as with other groups in IT.

Preferred Skills :

- Hands-on experience in managing Splunk & Cribl infrastructure and Enterprise Security configurations.

- Splunk Architect certification or equivalent would be an added advantage.