Splunk Administrator
Scottsdale, Arizona, United States of America
Full Time
1 month ago
$50 - $65 USD
No Visa Sponsorship
Key skills
Cyber SecurityFirewallsLinuxPythonServiceNowSplunkBashPowerShellCollaborationNetwork SecurityFirewall
About this role
Role Overview
- Administer and maintain Splunk Enterprise infrastructure (indexers, search heads, forwarders, deployment server, cluster management).
- Perform performance tuning, system optimization, scaling, and capacity planning for OT workloads.
- Install and configure Splunk Universal Forwarders across Windows, Linux, and applicable OT systems.
- Manage Splunk apps, add-ons, data models, and knowledge objects.
- Onboard and manage OT-related data sources including firewalls, switches/routers, SCADA-adjacent systems, VPN concentrators, RSA SecureID, Tripwire Enterprise, endpoint security platforms, and network monitoring tools.
- Validate NERC CIP log retention and integrity requirements.
- Develop dashboards, correlation searches, alerts, and compliance reports.
- Create OT-specific detection use cases in collaboration with OT Network Security Analysts.
- Troubleshoot ingestion failures, missing logs, and detection gaps.
- Conduct root-cause analysis impacting OT security visibility.
- Support incident response efforts through advanced Splunk queries, timelines, and forensic data exports.
- Support internal and external audits through documentation, dashboards, and evidence extraction.
- Ensure platform configurations align with NERC CIP standards (CIP-007, CIP-010, CIP-003 monitoring controls).
- Maintain logging architecture documentation and operational procedures aligned with compliance governance standards.
- Integrate Splunk with ServiceNow for automated alerting and ticketing workflows.
- Collaborate with Firewall Governance, PKI, RSA, and VPN lifecycle stakeholders to enhance logging visibility.
- Develop and maintain automation scripts using Python, PowerShell, or Bash.
- Maintain operational runbooks, architectural documentation, and work registers.
- Provide knowledge transfer and documentation to support long-term operational sustainability.
Requirements
- 3–5+ years of experience administering Splunk Enterprise (preferably in utility, industrial, or OT environments).
- Strong expertise in: Splunk configuration, tuning, and troubleshooting.
- Log ingestion pipelines.
- Windows and Linux server administration.
- Network security principles (firewalls, VPN, segmentation, routing).
- Ability to obtain and maintain NERC CIP access requirements.
- Bachelor's degree in Cybersecurity, Information Systems, Engineering, or related field (or equivalent experience).
- Experience in utility OT environments (substations, telecom, control centers, generation facilities, pipelines).
- Familiarity with Tripwire, RSA SecureID, SCADA systems, firewall governance frameworks, and NERC CIP requirements.
- Experience with Splunk ES or Splunk ITSI.
- Scripting and automation experience (Python, PowerShell, Bash).
- Experience building dashboards, correlation searches, and detection content.
Tech Stack
- Cyber Security
- Firewalls
- Linux
- Python
- ServiceNow
- Splunk