Splunk Architect

About the job :

We are seeking a skilled and experienced Splunk Architect to design, implement, and manage enterprise-scale Splunk solutions across cloud and on-prem environments.

The ideal candidate will have a deep understanding of Splunk architecture and be capable of leading deployment strategies, data onboarding, and integrations in a complex IT Responsibilities :

• Design and implement scalable, resilient, and secure Splunk Enterprise and Splunk ES / ITSI architectures.
• Lead Splunk infrastructure planning, upgrades, and clustering strategies.
• Onboard and normalize logs from systems including Windows, Linux, firewalls, cloud services (AWS / Azure / GCP), and application logs.
• Develop dashboards, alerts, reports, and KPIs for IT operations, SOC teams, and business stakeholders.
• Integrate Splunk with third-party tools (e.g., ServiceNow, Jira, AWS CloudWatch, SOAR tools).
• Perform system tuning, data retention strategy planning, and storage management.
• Define and implement correlation rules, SPL queries, and CIM-compliant data models.
• Provide architectural consulting to internal teams and mentor junior engineers.
• Ensure best practices for security monitoring, compliance, and incident response Skills & Qualifications :
• Bachelor's or Master's degree in Computer Science, IT, or related field.
• 7+ years of IT experience, with 5+ years of hands-on Splunk in :
• Splunk deployment architecture (Indexer clusters, Search Head clusters, Heavy Forwarders, Deploymen t Servers)
• SPL (Search Processing Language)
• CIM and data onboarding
• Security and compliance use cases (e.g., SOC, NIST, GDPR, ISO 27001)
• Experience with cloud platforms : AWS, Azure, or GCP.
• Strong knowledge of regex, data parsing, Linux / Unix, and networking protocols.
• Automation / scripting experience with Python, Shell, or Ansible (Preferred) :
• Splunk Certified Architect
• Splunk Certified Admin
• Splunk Enterprise Security Certified
• Any relevant cloud certifications (AWS / Azure)

(ref : hirist.tech)