Splunk Engineer/Architect

Prudent Technologies and Consulting, Inc
6 - 10 Years
Multiple Locations

Posted on: 06/03/2026

Job Description


Description :

- Minimum 5+ years of IT relevant experience

- Operate and maintain existing Log Management Infrastructure by designing system configuration, directing system installation, and defining, documenting, and enforcing system standards.

- Maximizes system performance by monitoring performance, troubleshooting problems and outages, and scheduling upgrades.

- Collaborating with network and system team to ensure all required logs are collected.

- Ensuring all Service Requests, Incidents, and Problems are completed/resolved within the required time period.

- Reporting of operational status by gathering and prioritizing information.

- Knowledge of ArcSight or Splunk

- Responsible to install and configure the Splunk forwarder agent across various OS in the Application environment to collect the data feeds into Splunk Environment

- Log Analysis and creation of Splunk knowledge objects

- Responsible to create an index with appropriate retention and retirement policies by managing the bucket policies

- Scheduled Splunk-based reports and alerts to monitor the system health performance and breaches

- Experienced in implementing and clustering to maintain data availability and disaster recovery

- Created Splunk automatic lookups and workflows

- Required experience with interconnected, heterogeneous systems

- Networking background, Windows or *nix systems administration

- Familiarity with common infrastructure technologies

- Strong understanding of industry standards and technologies

- Implements and maintains Splunk platform infrastructure and configuration

Your key responsibilities :

- Develop advanced scripts for the manipulation of multiple data repositories to support analyst software application requirements, and analyze information to determine, recommend and plan the delivery of large data sets.

- Splunk administration in environments like Windows servers and Red Hat Enterprise Linux servers.

- Create Splunk apps, searches, data models, dashboards, reports, and alerts using Splunk query language.

- Create shell scripts to install Splunk forwarders on all the servers with configuration files such as inputs.conf, props.conf, etc.

- Work with multiple data source owners to onboard data sources by parsing and normalizing the data by following best practices.

- Develop distributed Splunk applications, including requirement gathering, coordinating Splunk setup

- Support, maintain, and expand Splunk infrastructure to meet future architecture design and deployment requirements

- Perform basic and advanced scripting tasks with Splunk to automate repeatable processes using Python

- Design, implement, and optimize Splunk applications (to include Enterprise Security), queries, knowledge objects, and data models.

- Develop new dashboards, searches, and alerts to enhance Enterprise Security use cases.

- Deploy Best Practices for developing Splunk Apps and create conceptual architecture for a continuous improvement initiative

- Provide Impact assessment for migration efforts.

- Build PoCs for Splunk enhancements

- Monitor notable events through Splunk Enterprise Security.

- Interact with the data warehousing team to extract the data identifying field for CIM mapping.

- Write automation scripts for REST API testing.

- Work with front-end applications to help guide users toward various apps across the Splunk enterprise system.

- Write complex regex patterns using if, the rex command, and regex to extract the data to support the stakeholders' requirements to build use cases.

- Define strategy and design software application solutions around data collection, aggregations, and summarization processes.

- Design Splunk system solutions to meet growth while maintaining a balance between performance, stability, scalability, and agility.

- Develop automation scripts to automate most of the daily jobs to increase efficiency and reduce human errors.

- Troubleshoot Splunk server and agent problems and issues

- Migrate from one SIEM solution to another

- Excellent problem-solving and problem-resolution skills

- Should have knowledge of a scripting language and UNIX command line.

- Strong Cyber Security Background

Primary Skills :

- Splunk agent installation and data ingestion expertise.

- Splunk certified and knowledge of heavy forwarders is a plus.

- Splunk Certified Consultant II and Splunk Certified Architect Certifications.

- Must have : At least 5 years of hands-on experience designing, architecting, and implementing Splunk globally for global financial institutions.

Must Have :


- Strong Experience with Windows/Linux.

- Excellent written and oral communication.

