
Splunk Administrator/Consultant

LION and ELEPHANTS CONSULTANCY PVT LTD
Hyderabad
6 - 10 Years

Posted on: 10/09/2025

Job Description

About the Role:

We are seeking an experienced Splunk Consultant/Administrator with strong expertise in Splunk and Elasticsearch to support enterprise-scale security monitoring, log analytics, and operational intelligence. The ideal candidate will have a proven track record of driving large-scale deployments, working closely with customers to solve complex problems, and ensuring seamless integration of security tools within SOC environments.

Key Responsibilities:

Splunk Deployment & Administration:

- Drive and manage complex Splunk deployments across enterprise environments.
- Onboard, configure, and optimize diverse log sources into Splunk Enterprise/Splunk Cloud.
- Install, configure, and manage Splunk apps, add-ons, and knowledge objects.
- Monitor, fine-tune, and optimize Splunk infrastructure for performance and scalability.
- Develop and maintain advanced dashboards, reports, and alerts for monitoring use cases.

Collaboration & Solutioning:

- Work side-by-side with customers to solve unique problems across IT, security, and business operations use cases.
- Collaborate across cross-functional teams (Product, Engineering, Security, IT Ops) to deliver tailored solutions.
- Share best practices, provide training, and guide clients to maximize the value of Splunk.


Security Operations (SOC Support):

- Perform advanced SOC functions including monitoring, alerting, triage, escalation, and incident resolution.
- Conduct incident investigations using Splunk, Elasticsearch, and threat intelligence data.
- Assist clients in resolving advanced security incidents and defining incident response playbooks.
- Perform intelligence research and enrich detection rules to enhance security monitoring.

Elasticsearch Administration:

- Design, deploy, and manage Elasticsearch clusters for log indexing, storage, and search optimization.
- Configure Elasticsearch pipelines for log ingestion, parsing, and enrichment.
- Perform fine-tuning and scaling for large volumes of log and security data.
- Integrate Elasticsearch with SIEM/SOAR tools for enhanced detection and correlation.

Skills & Qualifications:

Must Have:

- Splunk Administrator (Advanced): 6-9 years of hands-on experience.
- Elasticsearch (Advanced): 6-9 years of experience in deployment and management.
- Strong knowledge of SPL (Search Processing Language) and Elasticsearch Query DSL.
- Experience in creating advanced dashboards, correlation searches, and reports.
- Proven SOC operations experience (incident triage, alerting, resolution).
- Strong problem-solving skills in ambiguous or high-pressure situations.
- Experience with threat intelligence research and correlation.

Preferred Skills:

- Knowledge of SOAR platforms (Phantom, Demisto, or similar).
- Familiarity with cloud security logging (AWS, Azure, GCP).
- Knowledge of Linux, Windows administration, and networking fundamentals.
- Certifications such as Splunk Certified Admin/Architect/Power User or Elastic Certified Engineer.

