Overview
We are seeking an experienced Senior Splunk Engineer to take over and operate the on-premises Splunk SIEM platform. As part of the transition from Infosys, you will be responsible for stabilizing and continuously improving an existing enterprise-scale SIEM environment.
You will own all Splunk operations across Plan & Build, 24 / 7 Operations, Release & Patch Management, CIM-based Log Onboarding, Parser development, Hardening, Configuration Management, and Incident / Problem / Change processes.
Responsibilities
Plan & Build
Perform CIM-compliant log onboarding, parser creation, documentation.
Conduct onboarding due diligence and demand analysis.
Create Firewall / VPN / Routing change requests and validate changes.
Manage ingestion pipelines via Cribl, Syslog-ng (TLS), Splunk UF / HF, SCP.
Deploy and scale Splunk components using Terraform and Ansible.
Build trend and capacity analyses.
Operations (24 / 7 enterprise-grade operations)
Ensure full Splunk platform availability, monitoring, performance, and EPS / log-flow health.
Handle Incidents, Service Requests, Changes, and Problems under MBG ITSM.
Lead Major Incident Management (P1 / P2) with 24 / 7 on-call rotation.
Build and operate Health Check dashboards and QA reports.
Configuration & Release Management
Implement approved changes across Splunk components.
Perform daily configuration backups (KV stores, Apps, Configs).
Maintain automation libraries (Terraform, Ansible, scripts).
Manage Splunk patching and releases (maintain N-1 level).
Support up to 12 minor and 1 major release per year.
Security, Hardening & Compliance
System hardening and vulnerability remediation.
Operate via secure access methods (Jump hosts, SuSSHi, 2FA).
Conduct vulnerability scans and support SOC threat analysis.
Automate SOP-based operational workflows.
Transition
Take over existing MBG Splunk operations.
Validate and enhance current configurations, parsers, and deployments.
Ensure stability during transition and hypercare.
Requirements
Technical Skills
5–10 years Splunk / SIEM experience in large enterprises.
Expertise in Splunk Architecture, CIM onboarding, parser development, Syslog-ng, certificates.
Strong automation and scripting skills: Terraform, Ansible, Bash / Python.
Experience stabilizing existing SIEM environments.
Certifications (required)
Minimum two of:
Splunk Core Certified User
Splunk Core Certified Power User
Splunk Enterprise Admin
Splunk Enterprise Architect
Optional: Splunk ES
Soft Skills
Strong communication in enterprise environments.
Clear documentation skills.
Proactive, quality-driven work style.
Fluent English (German beneficial).