Splunk Subject Matter Expert

About the Role: We are seeking a highly experienced and dedicated Splunk Subject Matter Expert (SME) to join our team in Charlotte, North Carolina. The ideal candidate will possess deep expertise in the Splunk platform, including its architecture, deployment, administration, and optimization. This role is critical for leveraging Splunk to enhance our security posture, operational intelligence, and data analytics capabilities. You will be responsible for driving the strategic use of Splunk, ensuring its effective implementation and continuous improvement within our environment.

Key Responsibilities:

• Design, implement, and maintain robust Splunk architectures, ensuring scalability, performance, and high availability.
• Lead the integration and onboarding of diverse data sources into Splunk, ensuring data quality and proper indexing.
• Develop and optimize complex Splunk Search Processing Language (SPL) queries, dashboards, reports, and alerts to meet security, operational, and business intelligence requirements.
• Provide expert guidance on Splunk best practices for data ingestion, data modeling, search optimization, and security content development.
• Perform advanced troubleshooting and performance tuning of Splunk deployments to ensure optimal functionality.
• Collaborate with security operations, IT, and development teams to understand their data needs and translate them into effective Splunk solutions.
• Develop and deliver training to internal teams on Splunk usage, best practices, and new features.
• Stay current with the latest Splunk features, industry trends, and security threats to continuously enhance our Splunk capabilities.
• Ensure compliance with security policies and regulatory requirements through effective Splunk configuration and monitoring.

• 12+ years of hands-on experience with hands on experience on Splunk.
• Profound understanding of Splunk Enterprise and Splunk Cloud architecture, including indexers, search heads, deployers, and forwarders.
• Expertise in Splunk Search Processing Language (SPL) for complex data analysis, correlation, and visualization.
• Demonstrated experience with data onboarding from various sources (logs, databases, APIs, etc.).
• Strong knowledge of security principles and experience applying Splunk in a Security Information and Event Management (SIEM) context.
• Excellent problem-solving, analytical, and communication skills.

Desirable Skills:

• Splunk Certifications (e.g., Splunk Enterprise Certified Architect, Splunk Enterprise Certified Admin, Splunk Enterprise Security Certified Admin).
• Experience with Splunk Enterprise Security (ES) and Splunk IT Service Intelligence (ITSI).
• Familiarity with cloud platforms (AWS, Azure, Google Cloud Platform) and integrating Splunk with cloud-native services.
• Proficiency in scripting languages such as Python or Shell for automation and integration tasks.
• Experience with Agile methodologies and DevOps practices.
• Knowledge of network protocols, operating systems (Linux, Windows), and security technologies.