Splunk SME Engineer (Splunk to Google SecOps Migration)
Atlanta-Remote
Contract with Capgemini
The Splunk SME Engineer role requires extensive experience in data engineering and a deep understanding of Splunk, including writing sophisticated Splunk queries, developing log analytics rules, and creating data connectors, workbooks, and runbooks. The ideal candidate will enhance our ability to analyze and interpret large volumes of data to drive insights and improve operational efficiency.
Key Responsibilities:
• Splunk Query Development:
o Design, develop, and optimize Splunk queries to meet complex business requirements.
o Ensure efficient data retrieval and processing to support real-time analytics and reporting.
• Log Analytics and Data Rules Creation:
o Develop and maintain log analytics rules to automate the monitoring and analysis of data.
o Use Splunk’s capabilities to create advanced analytics for identifying trends, anomalies, and patterns in log data.
• Data Connectors and Integration:
o Build and maintain data connectors to integrate Splunk with various data sources, ensuring seamless data flow and consistency.
o Collaborate with IT and network teams to expand data collection from new sources and platforms.
• Workbook and Runbook Development:
o Develop workbooks to document and guide data analysis processes and findings.
o Create and update runbooks, providing clear instructions for operational tasks and responses to common system events or incidents.
• Data Pipeline and Architecture:
o Design and manage the data pipeline architecture within Splunk to support scalable and efficient data processing.
o Implement best practices for data handling, indexing, and storage to optimize performance and cost.
o Architect and manage the end-to-end data pipeline within Splunk, from data ingestion and storage to processing and visualization.
o Implement data transformation processes that cleanse, structure, and enhance raw data for analytics.
• Performance Tuning and Optimization:
o Monitor and tune the performance of Splunk environments to handle increased data volumes and complex queries.
o Conduct regular system audits to identify and resolve performance bottlenecks.
• Security and Compliance:
o Apply security best practices within Splunk deployments to protect sensitive data and prevent unauthorized access.
o Enforce security best practices within Splunk deployments to safeguard data integrity and confidentiality.
o Ensure all data handling and processing activities comply with relevant regulatory and compliance standards, such as GDPR or HIPAA.
• Reporting and Documentation:
o Generate regular reports that provide insights into system health, user activities, and threat landscapes.
o Maintain detailed documentation of data schemas, system configurations, and operational procedures to support system audits and knowledge sharing.
• Collaborative Team Support and Training:
o Work closely with IT, cybersecurity, and business analytics teams to align Splunk capabilities with organizational needs.
o Provide expert guidance and training to team members on leveraging Splunk for specific use cases, ensuring optimal utilization across departments.
Required Qualifications:
• Proven experience as a Splunk SME with a strong background in data engineering.
• Expertise in writing complex Splunk queries and developing log analytics rules.
• Experience with data connectors, workbooks, and runbooks.
• Knowledge of scripting languages such as Python or Bash for automation tasks.
• Relevant certifications in Splunk (e.g., Splunk Certified Architect, Splunk Certified Developer).
Thanks,
Sai Kiran
iTechUS inc
sai.k@itechus.net