Zermount Inc is seeking an experienced Splunk Engineer to support their enterprise security, operations, and monitoring environment. The role involves engineering, administering, maintaining, and enhancing Splunk to ensure optimal performance and operational effectiveness, while collaborating with various teams.
Responsibilities:
- Engineer/admin Splunk Enterprise (implement, configure, troubleshoot, patch/upgrade)
- Design/evaluate distributed/clustered architecture and recommend improvements
- Onboard/ingest/parse/normalize data (network/app/DB/cloud)
- Build/maintain custom parsers, field extractions, data models, and knowledge objects
- Install/maintain Splunk apps/add-ons
- Develop SPL searches, alerts, reports, dashboards and improve detections/reporting
- Monitor/optimize health, connectivity, performance, license use
- Tuning/capacity planning and daily health checks
- Lifecycle: major upgrades, patching, backup validation, restore testing, decommissioning
- Admin Splunk on RHEL (accounts/access controls, certs, .conf management, config backups)
- Troubleshoot ingestion/integration issues and coordinate with teams/vendors
- Produce technical documentation and architecture/data-flow diagrams
- Track/report work via tickets/dashboards
- Provide cross-functional engineering support
Requirements:
- 5+ years of enterprise Splunk engineering/administration (distributed/clustered)
- Strong ingestion/normalization/field extractions/custom parsing
- Advanced SPL
- Linux/RHEL install/config/upgrade/tuning
- Integrations including DB Connect + SQL, syslog-ng on RHEL/SELinux, scripting (Python/Bash/PowerShell)
- Cribl administration and license-reduction strategies
- Production major upgrades
- Strong documentation/diagramming
- Required: Splunk Certified Administrator (or higher)
- One DoD 8140 IAT Level II baseline security certification
- Minimum Background Investigation
- Splunk Architect/Core Consultant
- Linux administration
- Cribl