Splunk Engineer
Description
Introduction & Summary
We are seeking an experienced Splunk Engineer to take over and operate the on-premise Splunk SIEM platform. You will play a crucial role in transitioning from an existing global partner, stabilizing, and continuously improving the enterprise-scale SIEM environment.

Main Responsibilities
In this role, you'll manage all Splunk operations, ensuring effective platform operation and maintenance.
Perform CIM-compliant log onboarding and parser creation.
Conduct onboarding due diligence and demand analysis.
Create and validate Firewall/VPN/Routing change requests.
Manage ingestion pipelines via Cribl and Splunk UF/HF.
Deploy and scale Splunk components using Terraform and Ansible.
Ensure full platform operation and handle ITSM processes.
Lead Major Incident Management on a 24/7 basis.
Implement approved changes across Splunk components.
Conduct vulnerability scans and support SOC threat analysis.
Take over existing Splunk operations and ensure stability during transition.

Key Requirements
5–10 years of Splunk/SIEM experience in large enterprises.
Expertise in Splunk Architecture, CIM onboarding, and parser development.
Strong scripting abilities in Terraform, Ansible, Bash/Python.
Experience in stabilizing SIEM environments.
At least two required certifications, e.g., Splunk Core Certified User or Splunk Enterprise Admin.
Strong communication skills in enterprise settings.
Clear documentation skills and a proactive work style.
Fluent English required; German beneficial.

Nice to Have
Previous experience with major incident management in a 24/7 environment.
Knowledge of additional security practices and tools.
Experience collaborating in international teams.