Splunk/Cribl Developer - 100% Remote

Windward Consulting is at the forefront of Service-Centric IT. With strategic consulting, unparalleled technical expertise and our proven Windward Service-Centric IT RoadMap, we help our clients align the core competencies of process, organization, information and technology to run the most sensitive and mission-critical IT environments in the world.

If you are looking for an opportunity to be involved with a team of individuals who are working within one of our cutting-edge clients solving complex technical challenges then we are looking for you. We are looking for people who are passionate about technology and have a "roll up their sleeves mentality." Here at Windward we offer numerous opportunities to expand your experience in various areas depending upon your aptitude and interests. Our employees are not only passionate and driven, but strive to ensure customer quality is delivered consistently and effective.

We are looking for an experienced Splunk / Cribl Developer to interface with the application teams to assist in the migration of Splunk to Splunk Cloud. Design and develop production quality data feeds to provide real time business process transactions monitoring and anomaly detection in Splunk. Optimize existing searches and dashboards to improve performance. Provide necessary training/demo to the application teams to operationalize the dashboards and data onboarding.

Key Job Functions:

• Creating Cribl pipelines, packs and routing modules
• Configure Data Feeds through Cribl to Splunk with route and filter functions for enrichment.
• Lead in Cribl and Splunk data feed troubleshooting efforts.
• Work with business and application teams to perform requirements gathering sessions to develop the scope and design of new and existing dashboards, alerts, reports, and data sources
• Understand the business process flow and design & develop an "End-2-End" business transaction visibility, including large scale processing, integration, and analysis of system logs and databases in Splunk
• Discover and mine data to develop meaningful insights into Failed, Unexpected, Incomplete or Delayed business transactions
• Explore and build new capabilities like Splunk mobile and develop mobile-friendly dashboards
• Design and build automation solutions to templates dashboards for large scale implementation for different business applications

Desired Experience and Skills:

• Splunk certifications: Splunk Certified Developer,
• Cribl training and/or Cribl Certification
• Expert level knowledge and understanding of Splunk "Search" language and building complex queries
• Implement KV stores, lookups, and data model acceleration to optimize search performance and reporting
• Experience with creating Splunk knowledge objects (field extractions, macros, event types, etc.)
• Splunk Searching and Reporting modules, Knowledge Objects, Administration, Dashboards, Clustering and Forwarder Management,
• Knowledge of scripts via the simple XML, advanced XML source, Regex, SPL and Python.
• Expert-level capabilities with regular expression, anomaly detection, and enrichment
• Strong problem solving, logic, and analytical skills
• Strong Communication skills (1x1 & presentation) , 
• Solid Documentation skills and great Attitude (team player & customer attitude) that can work in a “Agile” fashion and with a lot of “Ambiguity”    
• Splunk (SPL) experience in creating dashboard views, reports and alerts for events,
• Solid experience, knowledge on Clouds Services like AWS and Azure,
• Experience migration from on-prem to cloud services (a plus)
• Experience configuring indexes, index routing, retention policies,  and data onboarding through various methods (UF, HF, Syslog, Splunk TA, HEC, FTP(S), CSV, DB Connect, etc.)
• Basics troubleshooting Splunk Indexers, SH, UF ….for a multiple clusters and large environment.
• Cribl, working on creating Cribl Pipelines, Packs and Routing modules,
• Data feeds thru Cribl to Splunk applying routing and filter mechanism to enrich data
• Cribl Worker, Leader troubleshooting Experience with Regex, custom scripting along with Splunk SPL  / python..
• Splunk Searching and Reporting modules, Knowledge Objects, Administration, Dashboards, Clustering and Forwarder Management,
  •  

Work Location:

• Remote
• EST/CST work hours; Off hours and flex support may be needed. 

Windward strives to attract and retain the best individuals and provide an environment where they can all grow professionally and build a rewarding career. We continually strive to create an environment that balances work life and offers benefits that will enhance the compensation package. We offer Medical, Dental, Vision, Flexible Spending Accounts, Short Term Disability, Long Term Disability, Life Insurance and AD&D, as well as the option to purchase additional Life Insurance and AD&D, Paid Time Off, Personal Leave, Holidays, 401(k) plan with company match and work/life balance.

Windward Consulting is proud to be an Equal Opportunity Employer. Applicants are considered for all positions without regard to race, color, religion, sex, national origin, age, disability, sexual orientation, ancestry, marital or veteran status.

WINDWARD CONSULTING GROUP, INC. (WINDWARD) PROVIDES EQUAL EMPLOYMENT OPPORTUNITY WITHOUT REGARD TO AN APPLICANT’S COLOR, RACE, SEX, PREGNANCY, NATIONAL ORIGIN, AGE, DISABILITY, RELIGION, MARITAL STATUS, GENETIC INFORMATION, VETERAN STATUS, OR ANY OTHER CHARACTERISTICS PROTECTED BY FEDERAL, STATE OR LOCAL LAW. WE WILL CONSIDER THIS APPLICATION ACTIVE FOR 90 DAYS AFTER OUR RECEIPT. THEREAFTER, YOU MUST REAPPLY IF FURTHER INTERESTED IN EMPLOYMENT. I CERTIFY THAT ALL ANSWERS GIVEN BY ME ARE TRUE, ACCURATE AND COMPLETE, I UNDERSTAND THAT THE FALSIFICATION, MISREPRESENTATION OR OMISSION OF ANY FACT ON THIS APPLICATION (OR ANY OTHER ACCOMPANYING OR REQUIRED DOCUMENTS) OR PROVIDED ORALLY, WILL BE CAUSE FOR DENIAL OF EMPLOYMENT OR IMMEDIATE TERMINATION OF EMPLOYMENT, REGARDLESS OF WHEN OR HOW DISCOVERED. The application will be given every consideration, but its receipt does not imply that the applicant will be employed. In exchange for the Company’s considering my application for employment, I authorize investigation of all statements contained in this application and any supporting documents. I authorize Windward to secure information about my experience from former employers, educational institutions, government agencies, or any references I have provided, and for those parties to provide information concerning my experience, and I hereby release all parties from any liability arising from such investigation. In exchange for the Company’s considering my application for employment, I hereby authorize my former employer to release to Windward any personnel information and records, favorable or otherwise, which my employer has kept regarding my employment, including my work performance. I understand that Windward may retain photocopies of my records for its files, whether I am offered employment or not. I hereby release all parties, including my former employer and Windward from any liability arising from the release, review and retention of any records pertaining to me.