Splunk Admin

Overview

Remote
$60 - $65
Accepts corp to corp applications
Contract - Independent
Contract - W2
Contract - 12 Month(s)
Unable to Provide Sponsorship

Skills

Splunk

Job Details

Position: Splunk Admin

Location: Raleigh, NC - Remote

Duration: 12 Months

Job Description:

  • Mid-level (5+ years infrastructure, platform engineering, or enterprise systems experience; 3+ years hands-on Splunk implementation and administration required)

Key Responsibilities

  • Design and implement standardized data onboarding procedures and configurations for applications; establish repeatable patterns and templates
  • Conduct technical onboarding of applications into Splunk Cloud: configure data inputs, create parsing rules, establish field extractions, and build data models
  • Map application data and security events to Splunk Common Information Model (CIM); identify and document relevant SIEM use cases
  • Build and optimize data models, lookups, and knowledge objects to support reporting, alerting, alerting rule creation, and compliance requirements
  • Design and implement automated onboarding pipelines using Git-based configuration management, Ansible playbooks, and CI/CD workflows to reduce manual effort and improve consistency
  • Establish and enforce standardized tagging conventions, naming standards, and data organization principles across all onboarded applications
  • Collaborate with Business Analysts to translate requirements into technical specifications; support requirements clarification and feasibility assessment
  • Work alongside 3 peer Splunk Data Admins to execute onboarding at scale; establish code review and peer collaboration practices to maintain quality
  • Partner with client's existing team to establish best practices; prepare them to sustain and evolve the platform post-engagement
  • Provide consultation to Splunk users and stakeholder teams on best practices, use cases, and guidance for creating and maintaining knowledge objects
  • Deliver training and knowledge-sharing sessions to Enterprise Monitoring Team and partner IT teams on standardized onboarding procedures and platform capabilities
  • Integrate Splunk with complementary monitoring and infrastructure platforms (Dynatrace, SolarWinds) to ensure cohesive observability workflows
  • Serve as primary technical point of contact for complex Splunk platform issues during the engagement period; support incident response as needed in collaboration with client's operations team
  • Monitor Splunk platform health and performance; proactively identify and resolve bottlenecks, optimization opportunities, and infrastructure constraints
  • Correlate and reconcile disparate events and data sources from multiple monitoring platforms to ensure consistent, reliable alerting and reporting
  • Troubleshoot and resolve complex data integration challenges; identify data quality issues, reconciliation gaps, and root causes
  • Document technical architecture, configuration decisions, onboarding procedures, and lessons learned to enable knowledge transfer and future maintenance
  • Participate in ongoing optimization and performance tuning as volume and complexity increase throughout the engagement

Required Technical Skills

Splunk Platform Experience

  • Advanced Splunk Enterprise and Splunk Cloud administration
  • Strong knowledge of data models, data model accelerations, and knowledge objects
  • Deep understanding of Common Information Model (CIM) and data normalization principles
  • Experience with advanced search optimization, lookup tables, and automated lookups
  • Proficiency with Splunk Enterprise Security (ES) platform and SIEM use cases
  • Knowledge of Splunk Cloud-specific features, limitations, and best practices
  • Understanding of Splunk licensing, data ingestion pipelines, and performance tuning

Data Integration & Onboarding

  • Hands-on experience designing and implementing data ingestion pipelines
  • Expertise in log parsing, data transformation, and field extraction
  • Understanding of structured and unstructured data integration challenges
  • Ability to map applications to standard data models and create repeatable onboarding procedures
  • Experience with data quality assessment, reconciliation, and validation workflows
  • Knowledge of event processing pipelines and real-time vs. scheduled search optimization

DevOps & Automation

  • Strong proficiency with Git version control and collaborative development workflows (branching, pull requests, code reviews)
  • Hands-on experience with Ansible for infrastructure automation and configuration management
  • Experience with CI/CD pipelines and automated deployment processes
  • Scripting and automation using Python, Bash, or similar languages
  • Understanding of Infrastructure-as-Code (IaC) principles and practices

Security & Compliance

  • Understanding of SIEM platforms and security event management workflows
  • Knowledge of common security use cases (authentication, access control, threat detection, incident response)
  • Familiarity with compliance frameworks (SOX, PCI-DSS, HIPAA) and audit trail requirements
  • Understanding of data classification and security-sensitive log handling

Required Certifications & Education

  • Bachelor's degree in Computer Science, Information Technology, Engineering, or related field (or equivalent professional experience)
  • Minimum 3+ years of hands-on Splunk Enterprise administration and implementation experience
  • Minimum 5+ years of infrastructure, platform engineering, systems administration, or related technical domain experience
  • Splunk Certified Admin (SCA), Splunk Certified Power User (SCPU), and Splunk ES certification or completed coursework required; additional Splunk certifications (e.g., SCS, Developer) preferred

Desired Technical Skills

Additional Monitoring Tools

  • Knowledge of complementary observability platforms (Dynatrace, SolarWinds, Prometheus, Elastic)
  • Understanding of how Splunk integrates with broader monitoring and observability stacks

Banking & Regulated Environment Experience

  • Experience in financial services, banking, or other regulated industries
  • Familiarity with enterprise IT governance, change control, and third-party risk management (TPRM) processes
  • Understanding of enterprise architecture frameworks and federated governance models

Advanced Splunk Capabilities

  • Experience with Splunk add-ons and custom app development
  • Familiarity with Splunk Diag, troubleshooting tools, and performance diagnostics
  • Knowledge of Splunk API and programmatic integration approaches

Nice to Have Technical Skills

System Architecture & Technical Problem-Solving

  • Ability to design scalable, standardized solutions that work across diverse applications
  • Strong troubleshooting and diagnostic skills for complex data integration issues
  • Experience with performance tuning, bottleneck identification, and optimization
  • Ability to document technical architecture and decisions for knowledge transfer
  • Proven track record of successfully delivering complex Splunk implementations or migrations on schedule and within quality standards
  • Experience onboarding applications or systems into a centralized platform or data warehouse
  • Demonstrated expertise in designing and implementing repeatable, scalable processes at enterprise scale
  • Strong experience with Git workflows, Ansible automation, and DevOps tooling in production environments
  • Experience working in financial services, healthcare, or other regulated industries with compliance and audit requirements
  • Ability to work embedded within client organization for extended engagement period; comfort with fast-paced, deadline-driven environments
  • Familiarity with enterprise IT governance frameworks, change control processes, and third-party management
  • Willingness to travel to Raleigh headquarters and stakeholder sites as needed for technical discovery and team alignment sessions

Soft Skills

  • Technical leadership: Ability to make sound architectural decisions under time pressure; confidence in your expertise and willingness to challenge inefficient approaches
  • Collaboration: Genuine partnership mindset; ability to work well with peers, project managers, business analysts, and client technical staff
  • Communication: Ability to explain complex technical concepts clearly; skill in documenting decisions and procedures for diverse audiences
  • Problem-solving: Creative, methodical approach to troubleshooting; comfort with ambiguity and ability to research and learn new areas quickly
  • Attention to detail: Discipline in following standards and best practices; meticulous approach to configuration management and documentation
  • Accountability: Ownership mentality; commitment to high quality and on-time delivery despite aggressive timelines
  • Adaptability: Flexibility in approach based on emerging requirements; resilience in managing change and evolving priorities
  • Continuous learning: Commitment to staying current with Splunk platform updates, security best practices, and DevOps methodologies

About Care IT Services Inc