About the Role :
We are seeking an experienced Splunk Consultant / Administrator with strong expertise in Splunk and Elastic Search to support enterprise-scale security monitoring, log analytics, and operational intelligence. The ideal candidate will have a proven track record of driving large-scale deployments, working closely with customers to solve complex problems, and ensuring seamless integration of security tools within SOC environments.
Key Responsibilities :
Splunk Deployment & Administration :
- Drive and manage complex Splunk deployments across enterprise environments.
- Onboard, configure, and optimize diverse log sources into Splunk Enterprise / Splunk Cloud.
- Install, configure, and manage Splunk apps, add-ons, and knowledge objects.
- Monitor, fine-tune, and optimize Splunk infrastructure for performance and scalability.
- Develop and maintain advanced dashboards, reports, and alerts for monitoring use cases.
Collaboration & Solutioning :
- Work side-by-side with customers to solve unique problems across IT, security, and business operations use cases.
- Collaborate across cross-functional teams (Product, Engineering, Security, IT Ops) to deliver tailored solutions.
- Share best practices, provide training, and guide clients to maximize the value of Splunk.
Security Operations (SOC Support) :
- Perform advanced SOC functions including monitoring, alerting, triage, escalation, and incident resolution.
- Conduct incident investigations using Splunk, Elastic Search, and threat intelligence data.
- Assist clients in resolving advanced security incidents and defining incident response playbooks.
- Perform intelligence research and enrich detection rules to enhance security monitoring.
Elastic Search Administration :
- Design, deploy, and manage Elastic Search clusters for log indexing, storage, and search optimization.
- Configure Elastic Search pipelines for log ingestion, parsing, and enrichment.
- Perform fine-tuning and scaling for large volumes of log and security data.
- Integrate Elastic Search with SIEM / SOAR tools for enhanced detection and correlation.
Skills & Qualifications :
Must Have :
- Splunk Administrator (Advanced) - 6-9 years hands-on experience.
- Elastic Search (Advanced) - 6-9 years experience in deployment and management.
- Strong knowledge of SPL (Search Processing Language) and Elastic Query DSL.
- Experience in creating advanced dashboards, correlation searches, and reports.
- Proven SOC operations experience (incident triage, alerting, resolution).
- Strong problem-solving skills in undefined or high-pressure situations.
- Experience with threat intelligence research and correlation.
Preferred Skills :
- Knowledge of SOAR platforms (Phantom, Demisto, or similar).
- Familiarity with cloud security logging (AWS, Azure, GCP).
- Knowledge of Linux, Windows administration, and networking fundamentals.
- Certifications such as Splunk Certified Admin / Architect / Power User or Elastic Certified Engineer.
(ref : hirist.tech)