Responsibilities

  • Develop and refine detection logic, alerts, and searches within Splunk‑based environments.

  • Build and maintain dashboards supporting security investigations, operational monitoring, and threat analysis.

  • Integrate Splunk outputs with automation platforms to streamline incident handling.

  • Prepare and transform log data to ensure accuracy, consistency, and high‑quality visibility across environments.

  • Create and maintain ingestion pipelines using various collection methods (agents, syslog, APIs, connectors).

  • Collaborate with infrastructure and application teams to expand logging coverage in cloud and on‑prem ecosystems.

  • Monitor and optimize Splunk platform performance, ensuring stable data flow and high availability.

  • Oversee the deployment and operational health of logging agents across endpoints and workloads.

Requirements

  • 5+ years of experience in IT or cybersecurity, including at least 3 years working hands‑on with Splunk.

  • Practical experience in building searches, alerts, dashboards, and correlation logic.

  • Strong understanding of log formats, parsing techniques, regular expressions, and data normalization.

  • Proficiency in scripting languages such as Python, PowerShell, Perl, or SQL.

  • Familiarity with security operations, detection methodologies, and incident workflows.

  • Broad technical understanding of networks, operating systems, applications, and cloud services.

  • Ability to manage sensitive information responsibly and professionally.
