job specification

Overview

We are seeking an experienced Senior Splunk Engineer to take over and operate the on-premise Splunk SIEM platform. As part of the transition from Infosys, you will be responsible for stabilizing and continuously improving an existing enterprise-scale SIEM environment.

You will own all Splunk operations across Plan & Build, 24/7 Operations, Release & Patch Management, CIM-based Log Onboarding, Parser development, Hardening, Configuration Management, and Incident/Problem/Change processes.

Responsibilities

1. Plan & Build

• Perform CIM-compliant log onboarding, parser creation, documentation.
• Conduct onboarding due diligence and demand analysis.
• Create Firewall/VPN/Routing change requests and validate changes.
• Manage ingestion pipelines via Cribl, Syslog-ng (TLS), Splunk UF/HF, SCP.
• Deploy and scale Splunk components using Terraform and Ansible.
• Build trend and capacity analyses.

2. Operations (24/7 enterprise-grade operations)

• Ensure full Splunk platform operation, monitoring, performance, EPS/log flow.
• Handle Incidents, Service Requests, Changes, and Problems under MBG ITSM.
• Lead Major Incident Management (P1/P2) with 24/7 on-call rotation.
• Build and operate Health Check dashboards and QA reports.

3. Configuration & Release Management

• Implement approved changes across Splunk components.
• Perform daily configuration backups (KV stores, Apps, Configs).
• Maintain automation libraries (Terraform, Ansible, scripts).
• Manage Splunk patching and releases (maintain N-1 level).
• Support up to 12 minor + 1 major release per year.

4. Security, Hardening & Compliance

• System hardening and vulnerability remediation.
• Operate via secure access methods (Jump hosts, SuSSHi, 2FA).
• Conduct vulnerability scans and support SOC threat analysis.
• Automate SOP-based operational workflows.

5. Transition

• Take over existing MBG Splunk operations.
• Validate and enhance current configurations, parsers, and deployments.
• Ensure stability during transition and hypercare.

Requirements

Technical Skills

• 5–10 years Splunk/SIEM experience in large enterprises.
• Expertise in Splunk Architecture, CIM onboarding, parser development, Syslog-ng, certificates.
• Strong scripting: Terraform, Ansible, Bash/Python.
• Experience stabilizing existing SIEM environments.

Certifications (required)

Minimum two of:

• Splunk Core Certified User
• Splunk Core Certified Power User
• Splunk Enterprise Admin
• Splunk Enterprise Architect
• Optional: Splunk ES

Soft Skills

• Strong communication in enterprise environments.
• Clear documentation skills.
• Proactive, quality-driven work style.
• Fluent English (German beneficial).