job summary:
Randstad Digital is seeking a highly skilled and strategic Senior Splunk Architect & Developer to lead the design, implementation, and continuous enhancement of our enterprise observability platform.
In this role, you will bridge the gap between traditional log management and modern full-stack observability. You will be responsible for architecting our core Splunk ecosystem, deploying advanced AIOps capabilities using Splunk IT Service Intelligence (ITSI), and driving the adoption of distributed tracing and metrics via Splunk Observability Cloud. The ideal candidate is both a visionary architect capable of defining our observability roadmap and a hands-on developer adept at writing complex SPL, Python scripts, and custom integrations.
location: Edison, New Jersey
job type: Solutions
salary: $75 - 105 per hour
work hours: 9am to 5pm
education: Bachelors
responsibilities:
Key Responsibilities
Splunk Architecture & Core Engineering
- Platform Architecture: Design, scale, and maintain high-availability Splunk Enterprise/Cloud architectures, ensuring optimal performance, data ingestion, and resource utilization.
- Data Onboarding & Governance: Develop best practices for log ingestion, parsing, normalization (CIM compliance), and enrichment across a hybrid-cloud environment.
- Cost & Capacity Management: Monitor system performance, manage indexer routing, and optimize data storage (SmartStore) and licensing costs without sacrificing visibility.
- Security & Compliance: Ensure Role-Based Access Control (RBAC), data masking, and compliance with data retention policies across all telemetry data.
Splunk IT Service Intelligence (ITSI) & AIOps
- Service Modeling: Architect and build out ITSI Service Trees, Entity relationships, and complex Service Hierarchies that map directly to critical business functions.
- KPIs & Thresholding: Define and configure Key Performance Indicators (KPIs), utilizing static and adaptive thresholding (machine learning) for proactive alerting.
- Glass Tables & Dashboards: Design and develop executive-level Glass Tables and deep-dive operational dashboards to provide real-time service health visibility.
- Episode Review: Configure correlation searches, notable events, and action rules within ITSI Episode Review to reduce alert fatigue and accelerate Mean Time to Resolution (MTTR).
Splunk Observability Cloud
- Full-Stack Observability: Lead the integration and instrumentation of cloud-native microservices using Splunk Observability Cloud (APM, Infrastructure, RUM, Synthetics, and Log Observer).
- OpenTelemetry Strategy: Govern the adoption of OpenTelemetry (OTel); configure and manage OTel collectors, SDKs, and exporters across Kubernetes and serverless environments.
- Distributed Tracing: Architect distributed tracing and service dependency mapping to help development teams rapidly identify bottlenecks and optimize code performance.
- SLI/SLO Management: Collaborate with SRE and application teams to define and measure Service Level Indicators (SLIs) and Service Level Objectives (SLOs) using burn-rate alerting.
Development & Automation
- Advanced SPL: Write highly optimized and complex Search Processing Language (SPL) queries for threat hunting, operational analytics, and custom reporting.
- Custom Development: Develop custom Technology Add-ons (TAs), modular inputs, and custom visual components using Python, Bash, JavaScript, and the Splunk REST API.
- Infrastructure as Code (IaC): Automate the deployment and configuration of Splunk and Observability agents using Terraform, Ansible, or Puppet.
- CI/CD Integration: Integrate observability testing and deployment into the CI/CD pipeline (Jenkins, GitLab CI, GitHub Actions) to ensure code releases are automatically monitored.
qualifications:
Required Qualifications
Experience: 7+ years of IT/Engineering experience, with a minimum of 5 years of hands-on experience designing and developing in Splunk environments.
ITSI Expertise: Deep, proven experience configuring Splunk ITSI from scratch, including service templates, base searches, and aggregation policies.
Observability Mastery: Hands-on experience with Splunk Observability Cloud (SignalFx) or equivalent platforms (Dynatrace, Datadog, New Relic) and strong knowledge of OpenTelemetry standards.
Scripting/Coding: Proficiency in Python and shell scripting for API integrations and custom TA development.
Cloud Infrastructure: Strong understanding of cloud-native architectures (AWS, Azure, or Google Cloud Platform) and containerized environments (Kubernetes, Docker).
Communication: Excellent stakeholder management skills with the ability to translate highly technical concepts into business-value outcomes for leadership.
Preferred Qualifications & Certifications
Certifications (Highly Desired):
Splunk IT Service Intelligence Certified Admin
Splunk Enterprise Certified Architect
Splunk O11y Cloud Certified (Admin or Metrics User)
ITSM Integration: Experience integrating Splunk with ITSM and Incident Management platforms (ServiceNow, Jira, Splunk On-Call).
Data Routing: Experience with data routing and pipeline management tools like Cribl Stream.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact
Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).
This posting is open for thirty (30) days.