Posted on: 26/11/2025
Confidential Job Posting
This role is from a verified company that prefers not to disclose its name at this stage.
Role & Responsibilities:
- Design, implement and maintain Splunk ingestion pipelines: configure forwarders, HEC, indexers and deployment servers to ensure reliable, scalable data onboarding.
- Author and optimize advanced SPL searches, dashboards, reports and alerts to support monitoring, incident detection and business analytics.
- Develop data parsing, props.conf and transforms.conf rules and map data to the Common Information Model (CIM) for consistent analytics.
- Install, configure and operate Splunk components (search heads, indexers, clusters) and manage app/add-on lifecycle using automation.
- Integrate log and metric sources from cloud (AWS/Azure) and on-prem systems via syslog, REST/HEC and custom ingestion connectors.
- Troubleshoot performance, tune searches, manage retention/indexing strategy and support capacity planning and upgrades.
Skills & Qualifications:
Must-Have:
- Proven experience implementing and operating Splunk Enterprise in production environments.
- Advanced SPL query authoring and search optimization experience.
- Hands-on knowledge of data onboarding and parsing (props.conf, transforms.conf) and CIM mapping.
- Experience configuring Splunk components: forwarders, HEC, indexers, search heads and deployment server.
- Working knowledge of Linux and scripting for automation (Python or Bash).
- Experience integrating logs/metrics from cloud platforms (AWS/Azure) and common enterprise sources.
Preferred:
- Splunk certifications (e.g., Splunk Certified Power User, Splunk Certified Admin).
- Experience with Splunk Enterprise Security (ES) and security use-cases (detections, notable events).
- Familiarity with CI/CD and infrastructure-as-code for Splunk app deployments (Jenkins, Ansible, Terraform).
Posted in: DevOps / SRE
Functional Area: DevOps / Cloud
Job Code: 1580563