Splunk Architect

Minimum 5+ years of IT relevant experience Operate and maintain existing Log Management Infrastructure by designing system configuration, directing system installation, and defining, documenting, and enforcing system standards. Maximizes system performance by monitoring performance, troubleshooting problems and outages, scheduling upgrades; Collaborating with network and system team to ensure all required logs are collected; Ensuring all Service Requests, Incidents, and Problems are completed/resolved within the required time period; Reporting of operational status by gathering, prioritizing information; Knowledge of ArcSight or Splunk Responsible to install and configure the Splunk forwarder agent across various OS in the Application environment to collect the data feeds into Splunk Environment Log Analysis and creation of Splunk knowledge objects Responsible to create an index with appropriate retention and retirement policies by managing the bucket policies Scheduled Splunk based Reports and Alerts to monitor the system health performance and breaches Maximizes system performance by monitoring performance, troubleshooting problems and outages, scheduling upgrades; Experienced in implementing and clustering to maintain data availability and disaster recovery Created Splunk automatic lookups and workflows Requirement Experience with interconnected, heterogeneous systems Networking background, WIN or Nix systems administration Familiarity with common infrastructure technologies Strong understanding of industry standards and technologies Implements and maintains Splunk platform infrastructure and configuration Your key responsibilities Develop advanced scripts for the manipulation of multiple data repositories to support analyst software application requirements, and analyze information to determine, recommend and plan the delivery of large data sets. Splunk administration in environments like windows servers, and Redhat Linux enterprise servers. Create Splunk apps, searches, data models, dashboards, reports, and alerts using Splunk query language. Create shell scripts to install Splunk forwarders on all the servers with configuration files such as, inputs.conf, props.conf, etc. Work with multiple data source owners to onboard data sources by parsing and normalizing the data by following best practices. Develop distributed Splunk applications, including requirement gathering, coordinating Splunk setup Support, maintain, and expand Splunk infrastructure to meet future architecture design and deployment requirements Perform basic and advanced scripting tasks with Splunk to automate repeatable processes using Python · Design implement and optimize Splunk applications (to include Enterprise Security), queries, knowledge objects, and data models. Develop new dashboards, searches, and alerts to enhance Enterprise Security use cases. Deploy Best Practices for developing Splunk Apps and create conceptual architecture for a continuous improvement initiative Provide Impact assessment for migration efforts. Build PoCs for Splunk enhancementsMonitored notable events through Splunk enterprise security. Interact with the data warehousing team to extract the data identifying field for CIM mapping. Write automation scripts for the rest of API testing. Work with front-end applications to help guide users toward various apps across the Splunk enterprise system. Writing complex regex patterns using if, rex command, and regex to extract the data to support the stakeholders’ requirements to build use cases. Define strategy and design software application solutions around data collection, aggregations, and summarization processes. Design Splunk system solutions to meet growth while maintaining a balance between performance, stability, scalability, and agility. Develop automation scripts to automate most of the daily jobs to increase efficiency and reduce human errors. Design Splunk system solutions to meet growth while maintaining a balance between performance, stability, scalability, and agility. Troubleshoot Splunk server and agent problems and issues Migrate from one SIEM solution to another Excellent Problem solving and problem-resolution skills Should have knowledge of a scripting language and UNIX command line.Strong Cyber Security BackgroundPrimary SkillsSplunk agent installation and data ingestions expertise.Splunk certified and knowledge of heavy forwarders is a plus.Splunk Certified Consultant II and Splunk Certified Architect Certifications. Must have: At least 5 years of hands-on experience designing, architecting, and implementing Splunk globally for global financial institutions. Must Have Strong Experience with Windows/Linux.Excellent written and oral communication.