Splunk Engineer

We’re seeking a highly skilled Splunk Engineer to lead the design, deployment, and optimization of our Splunk ecosystem. This role is ideal for someone who thrives at the intersection of data engineering, cybersecurity, and operational intelligence. You’ll architect scalable solutions, develop custom dashboards, and empower teams with actionable insights from machine data.
Key Responsibilities
• Architecture & Design: Lead the end-to-end design of Splunk infrastructure, including indexers, forwarders, search heads, and clustering strategies
• Data Onboarding: Integrate diverse data sources (syslogs, APIs, cloud logs, etc.) into Splunk using best practices for parsing, normalization, and enrichment
• Dashboard & Alert Development: Build advanced dashboards, reports, and alerts tailored to security, IT operations, and business analytics
• Performance Optimization: Tune Splunk queries, indexes, and configurations for speed, scalability, and cost-efficiency
• Security & Compliance: Implement role-based access controls, data retention policies, and audit mechanisms to meet regulatory requirements
• Automation & Integration: Develop scripts and automation (Python, Bash, etc.) to streamline Splunk operations and integrate with other tools (e.g., SOAR, SIEM, ticketing systems)
• Mentorship & Collaboration: Guide junior engineers, collaborate with SOC analysts, and partner with infrastructure teams to maximize Splunk’s value
• Troubleshooting & Support: Provide Tier 3 support for Splunk-related issues and lead root cause analysis for data ingestion or performance problems

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com.To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.

• Bachelor’s degree in Computer Science, Information Security, or related field
• 5+ years of hands-on experience with Splunk engineering and architecture
• Deep understanding of Splunk components (Universal Forwarder, Heavy Forwarder, Search Head Clustering, Indexer Clustering)
• Strong knowledge of SPL (Search Processing Language) and data modeling
• Experience with Linux/Unix systems and cloud platforms (AWS, Azure, GCP)
• Familiarity with cybersecurity frameworks (MITRE ATT&CK, NIST, etc.)
• Scripting skills in Python, Bash, or PowerShell
• Excellent communication and documentation skills

• Splunk certifications (e.g., Splunk Certified Architect, Splunk Certified Admin)
• Experience with Splunk Enterprise Security (ES) or IT Service Intelligence (ITSI)
• Knowledge of SOAR platforms and integration workflows
• Experience with log aggregation tools (e.g., ELK, Graylog)
• Familiarity with containerized environments (Docker, Kubernetes)

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.