Introduction
- 36 hours a week
- Start: ASAP
- Duration: 1 year with possible extension
- Hybrid work
- ZZP (self-employed contractor): Yes
Function
We are seeking a Splunk Platform Engineer to own, operate, and optimize our on-prem and hybrid Splunk platform, supporting enterprise logging, security monitoring (SIEM), and observability capabilities.
This role is responsible for ensuring the availability, performance, scalability, and cost-efficiency of the Splunk environment, while enabling Security Operations, IT Operations, and Application teams with reliable, high-quality telemetry and actionable insights.
Expected results (SMART)
Platform Engineering & Operations
• Architect, deploy, and manage on-prem Splunk Enterprise environments, including indexer clusters, Search Head clusters, Heavy and Universal Forwarders, and the Deployment Server and License Manager
• Ensure high availability, disaster recovery, and platform resilience
• Perform version upgrades, patching, and lifecycle management
Data Engineering & Optimization
• Design and maintain index strategies, retention policies, and tiered storage (hot/warm/cold/frozen)
• Control ingestion volume through filtering, routing, and parsing optimization
• Ensure Common Information Model (CIM) compliance and data model acceleration efficiency
• Optimize search performance, dashboard load times, and resource utilization
Security & SIEM Enablement
• Operate and tune Splunk Enterprise Security (ES)
• Implement correlation searches, risk-based alerting, and notable event workflows
• Maintain threat detection coverage aligned to MITRE ATT&CK
• Support audits, compliance reporting, and SOC operations
Observability & Hybrid Integration
• Integrate Splunk Observability Cloud with on-prem Splunk Enterprise
• Enable APM, infrastructure monitoring, and telemetry correlation across hybrid environments
• Support Kubernetes, cloud workloads, and application telemetry pipelines
Governance & Cost Management
• Manage Splunk licensing, ingestion forecasting, and capacity planning
• Implement data governance and compliance controls
• Track and report platform KPIs to leadership and stakeholders
Requirements
Relevant knowledge, skills, competencies & desired education level
Splunk Platform Engineering
• Splunk Enterprise architecture (on-prem & hybrid)
• Indexer clustering & Search Head clustering
• Forwarder management & deployment server configuration
• License management & ingestion forecasting
• Backup, DR, and multi-site clustering
Data Optimization & Performance
• Index design and retention lifecycle management
• SPL performance tuning and search optimization
• Data Model Acceleration (DMA) and CIM mapping
• Storage tiering and cold/frozen data management
• Parsing, filtering, and routing (props/transforms)
SIEM & Security
• Splunk Enterprise Security (ES)
• Risk-Based Alerting (RBA)
• Threat framework mapping (MITRE ATT&CK)
• SOC process integration and compliance reporting
Observability & Telemetry
• Splunk Observability Cloud
• OpenTelemetry pipelines
• APM and Infrastructure Monitoring
• Hybrid cloud telemetry integration
Systems & Automation
• Linux & Windows server administration
• Virtualization and storage platforms
• Scripting (Python, Bash, PowerShell)
• Infrastructure as Code (Ansible and Terraform preferred)
Information
Jobs A2Z-CM +31(0)20-3337629