Management, upkeep and expansion/design of an on-premises Splunk Enterprise / Enterprise Security deployment.
Coordinate all aspects of Splunk event collection and forwarding.
Administer Splunk Enterprise and Enterprise Security, including index, sourcetype and field management, CIM compliance, ES use cases and SPL upkeep.
Implement security and business use cases in the Splunk framework.
Handle syslog configurations and forwarding.
Build custom dashboards, reports, and alerts within Splunk.
Design and implement high-level strategies for the Splunk deployment (data onboarding, retention, scaling and use-case roadmap).
Proven experience creating complex Splunk searches in SPL and Simple XML for reports and dashboards.
Ability to troubleshoot and optimize SPL for large searches or data sets, with strong knowledge of the Splunk search pipeline.
Understanding and implementation of log data flows between source systems and Splunk components (forwarders, indexers, search heads).
Ability to write applications that pull data from a source system and write it to Splunk (Python preferred).
Ability to create custom field extractions, technology add-ons (TAs) and sourcetypes.
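The following is an added example, not code from the listing or the hiring organization, of the kind of collector the last points describe: a small Python script that pulls records from a source system, maps them onto CIM Authentication field names and ships them to the Splunk HTTP Event Collector (HEC) in batches. The HEC URL, token variable, index name, sourcetype name and the sample source records are all assumptions made up for the example; the records are constructed, not real log data.

```python
"""Pull source-system records, normalise to CIM fields, ship to Splunk HEC.

Added example (not from the job listing). Assumed, not stated on the page:
HEC endpoint and token come from SPLUNK_HEC_URL / SPLUNK_HEC_TOKEN, events go
to index "auth" with sourcetype "example:auth:json". SAMPLE_RECORDS is
constructed sample data in a hypothetical source system's schema.
"""
import json
import os
import time
import urllib.error
import urllib.request
from datetime import datetime, timezone

HEC_URL = os.environ.get("SPLUNK_HEC_URL",
                         "https://splunk.example:8088/services/collector/event")
HEC_TOKEN = os.environ.get("SPLUNK_HEC_TOKEN", "replace-with-real-hec-token")
INDEX = "auth"                      # assumed index name
SOURCETYPE = "example:auth:json"    # assumed sourcetype name

# Constructed sample records, shaped like a hypothetical VPN appliance API.
SAMPLE_RECORDS = [
    {"ts": "2024-05-01T10:00:00Z", "login": "alice", "ip": "10.0.0.5",
     "result": "OK", "host": "vpn01"},
    {"ts": "2024-05-01T10:00:07Z", "login": "bob", "ip": "198.51.100.7",
     "result": "FAIL", "host": "vpn01"},
    {"ts": "2024-05-01T10:00:09Z", "login": "bob", "ip": "198.51.100.7",
     "result": "FAIL", "host": "vpn01"},
]


def to_cim(record):
    """Map one source record to a HEC event whose body uses CIM
    Authentication field names (user, src, action, app), so ES use cases
    and data-model accelerations see it without a separate field alias."""
    ts = datetime.strptime(record["ts"], "%Y-%m-%dT%H:%M:%SZ")
    epoch = ts.replace(tzinfo=timezone.utc).timestamp()   # HEC wants epoch secs
    return {
        "time": epoch,
        "host": record["host"],
        "index": INDEX,
        "sourcetype": SOURCETYPE,
        "event": {
            "user": record["login"],
            "src": record["ip"],
            "action": "success" if record["result"] == "OK" else "failure",
            "app": "vpn",
        },
    }


def build_batches(records, max_events=500):
    """Group events into HEC request bodies. HEC accepts several JSON objects
    concatenated in one POST, so a batch is newline-joined event objects."""
    events = [json.dumps(to_cim(r)) for r in records]
    return ["\n".join(events[i:i + max_events])
            for i in range(0, len(events), max_events)]


def _http_post(body):
    """POST a batch to HEC over TLS with the token header; return HTTP status.
    Certificate validation is left on: do not disable it for a collector."""
    req = urllib.request.Request(
        HEC_URL, data=body.encode("utf-8"), method="POST",
        headers={"Authorization": f"Splunk {HEC_TOKEN}",
                 "Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def send_batch(body, post=None, retries=3):
    """Send one batch, retrying with backoff only on 429/503 (HEC busy or
    queue full). Any other non-2xx is a configuration error (bad token,
    unknown index) and is raised so it is not silently dropped."""
    post = post or _http_post
    for attempt in range(retries):
        status = post(body)
        if 200 <= status < 300:
            return status
        if status in (429, 503):
            time.sleep(2 ** attempt)
            continue
        raise RuntimeError(f"HEC rejected batch: HTTP {status}")
    raise RuntimeError("HEC unavailable after retries")


if __name__ == "__main__":
    # Dry run: print what would be sent instead of touching the network.
    for batch in build_batches(SAMPLE_RECORDS, max_events=2):
        send_batch(batch, post=lambda b: (print(b), 200)[1])
```

In production the `post` hook is left at its default so batches go to HEC; it is injectable so the collector can be tested without a Splunk instance, and so a failing token or index shows up as a raised error rather than a silently empty index. The sourcetype's `props.conf` on the indexer should then set `INDEXED_EXTRACTIONS = json` (or `KV_MODE = json`) and `TIME_PREFIX`/`TIME_FORMAT` are unnecessary because the timestamp is carried in the HEC `time` field.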