Splunk Administrator

Title: Splunk Administrator 

Hire Type: Full-Time Permanent  

Location: Alpharetta, GA; Charlotte, NC; Chicago, IL; Conshohocken, PA; Denver, CO; Fargo, ND; Garden City, NY; Houston, TX; Lubbock, TX; Morristown, NJ; Mt Juliet, TN; New York, NY; Purchase, NY; Topeka, KS - Hybrid 

Role Summary: The Splunk Administrator is responsible for supporting and maintaining Client’s Splunk Cloud environment and associated log ingestion components. This role ensures reliable data collection across diverse sources, monitors platform health and capacity, and performs ongoing administration, updates, and configuration to support security operations and analytics. 

Roles & Responsibilities:  

• Monitor log ingestion volumes and platform health using custom searches and Splunkbase tools. 

• Ensure reliable log delivery and troubleshoot ingestion interruptions across supported sources. 

• Administer intermediate log collection components, including Logstash, syslog, Heavy Forwarders, and related services. 

• Manage Splunk application configurations on Universal Forwarders using the Splunk Deployment Server. 

• Perform Universal Forwarder upgrades and maintenance to address security, stability, and version requirements. 

• Manage and update Splunk applications within the Splunk Cloud environment. 

• Collaborate with security and infrastructure teams to support onboarding of new log sources. 

• Document configurations, procedures, and troubleshooting steps for operational use. 

Technical Qualification: Hands on experience administering: 

• 3 to 5 years of hands‑on experience administering Splunk in an enterprise environment. 

• Splunk Cloud and on prem Splunk infrastructure, including Heavy Forwarders, Deployment Server, and Universal Forwarders. 

• HTTP Event Collector 

• Common Splunk Technology Add ons,  including Azure, Okta, and other cloud services. 

• Splunk data models and data normalization practices. 

• Splunk features such as alert actions, SAML based authentication, KV store, and lookups. 

• Splunk role based access controls and permission models. 

• Data management features including DDAS and reindexing processes. 

Familiarity with: 

• Azure Event Hubs, Kafka, Log Analytics Workspaces, and cloud based logging pipelines. 

• Windows Event Collection and Windows Event Forwarding 

General Qualification: 

• Ability to create clear, concise technical documentation for both technical and non‑technical audiences. 

• Strong analytical and troubleshooting skills with the ability to work independently. 

• Effective time and priority management in a multi task operational environment. 

• Strong written and verbal communication skills.