Splunk Subject Matter Expert (SME)

Job Title : Splunk Subject Matter Expert (SME)

Location: Malvern, PA or New York, NY Hybrid

Job Type : Full time

Responsibilities:

• We need a Splunk Subject Matter Expert (SME) to join our growing Information Security and Technology Operations team.
• This role is pivotal in driving enterprise-wide observability, threat detection, and operational intelligence through effective use of the Splunk platform.
• You will work closely with Infrastructure, Security, DevOps, and Application teams to develop and maintain Splunk dashboards, alerts, and reports that provide visibility into system health, performance, and security.
• Candidates must have Hands-on experience integrating Splunk with various data sources including AWS services (CloudTrail, CloudWatch, Lambda), Syslog, Windows/Linux logs, application logs, etc.

We are seeking a Splunk Subject Matter Expert (SME) to join our growing Information Security and Technology Operations team. This role is pivotal in driving enterprise-wide observability, threat detection, and operational intelligence through effective use of the Splunk platform. You will work closely with Infrastructure, Security, DevOps, and Application teams to develop and maintain Splunk dashboards, alerts, and reports that provide visibility into system health, performance, and security.

Key Responsibilities:

• Serve as the technical lead and owner of the Splunk platform across Customer s Bank enterprise systems.
• Architect, design, and deploy scalable Splunk solutions for infrastructure and application monitoring, as well as SIEM (Security Information and Event Management) use cases.
• Create and manage custom dashboards, scheduled searches, correlation rules, and event-based alerts.
• Support use case development for various business lines, including security event analysis, compliance reporting, and operational health monitoring.
• Onboard new data sources from cloud, on-premise, and hybrid environments into Splunk using Universal Forwarders, APIs, syslog, etc.
• Perform platform optimization, capacity planning, and performance tuning of Splunk environments (e.g., indexers, search heads, heavy forwarders).
• Assist in incident response and root cause analysis, leveraging Splunk data.
• Establish best practices and governance for Splunk content development across departments.
• Train and mentor junior staff and non-SME stakeholders in creating and using dashboards or alerts effectively.

Qualifications:

Required:

• 10+ years of experience in Splunk architecture, deployment, administration, and content creation.
• Experience developing queries using SPL (Search Processing Language).
• Hands-on experience integrating Splunk with various data sources including AWS services (CloudTrail, CloudWatch, Lambda), Syslog, Windows/Linux logs, application logs, etc.
• Strong knowledge of Linux/Unix and Windows server platforms.
• Familiarity with IT operations, log management, observability, and cybersecurity practices.
• Excellent communication skills to work cross-functionally with technical and non-technical stakeholders.

Preferred:

• Splunk certifications (e.g., Power User, Admin, Architect).
• Experience with SOAR tools (e.g., Splunk Phantom) or integrations with SIEM/SOAR solutions.
• Exposure to AWS Cloud Monitoring, S3 log collection, or similar cloud-native observability tools.
• Experience in the banking or financial services sector, particularly in regulatory and compliance environments.