
Splunk Administrator @ W2
Jobs via Dice · United States
- Hybrid
- Full-time
- $100,000 / year
- United States
Job highlights
- Administer Splunk Cloud and on-prem environments.
- Monitor log ingestion and platform health.
- Troubleshoot log delivery and ingestion issues.
- Manage Splunk forwarders and applications.
- Collaborate on new log source onboarding.
About the role
Splunk Administrator
FutureTech Consultants, LLC is seeking a Splunk Administrator to support and maintain Sompo's Splunk Cloud environment and associated log ingestion components. This role ensures reliable data collection across diverse sources, monitors platform health and capacity, and performs ongoing administration, updates, and configuration to support security operations and analytics.
Role Responsibilities:
- Monitor log ingestion volumes and platform health using custom searches and Splunkbase tools.
- Ensure reliable log delivery and troubleshoot ingestion interruptions across supported sources.
- Administer intermediate log collection components, including Logstash, syslog, Heavy Forwarders, and related services.
- Manage Splunk application configurations on Universal Forwarders using the Splunk Deployment Server.
- Perform Universal Forwarder upgrades and maintenance to address security, stability, and version requirements.
- Manage and update Splunk applications within the Splunk Cloud environment.
- Collaborate with security and infrastructure teams to support onboarding of new log sources.
- Document configurations, procedures, and troubleshooting steps for operational use.
Technical Qualifications:
- 3-5 years of hands-on experience administering Splunk in an enterprise environment.
- Experience with Splunk Cloud and on-prem Splunk infrastructure, including Heavy Forwarders, Deployment Server, and Universal Forwarders.
- Experience with HTTP Event Collector (HEC).
- Familiarity with common Splunk Technology Add-Ons (TAs), including Azure, Okta, and other cloud services.
- Understanding of Splunk data models and data normalization practices.
- Experience with Splunk features such as alert actions, SAML-based authentication, KV store, and lookups.
- Knowledge of Splunk role-based access controls and permission models.
- Experience with data management features including DDAS and reindexing processes.
Familiarity with:
- Azure Event Hubs, Kafka, Log Analytics Workspaces, and cloud-based logging pipelines.
- Windows Event Collection (WEC) and Windows Event Forwarding (WEF).
General Qualifications:
- Ability to create clear, concise technical documentation for both technical and non-technical audiences.
- Strong analytical and troubleshooting skills with the ability to work independently.
- Effective time and priority management in a multitasking operational environment.
- Strong written and verbal communication skills.
Key skills/competency:
- Splunk Administration
- Splunk Cloud
- Log Ingestion
- Data Collection
- Platform Health Monitoring
- Logstash
- Syslog
- Heavy Forwarders
- Universal Forwarders
- Technical Documentation
Skills & topics
- Splunk Administrator
- Splunk
- Splunk Cloud
- Log Management
- Data Ingestion
- System Administration
- IT Operations
- Security Operations
- Hybrid
- Alpharetta
How to get hired
- Tailor your resume: Highlight your 3-5 years of Splunk administration experience, focusing on Splunk Cloud, Heavy Forwarders, and Universal Forwarders.
- Showcase technical skills: Emphasize your experience with HEC, TAs (Azure, Okta), data models, alert actions, and access controls.
- Demonstrate familiarity: Mention your knowledge of Azure Event Hubs, Kafka, WEC, and WEF if applicable.
- Craft a strong cover letter: Clearly articulate your ability to document configurations and troubleshoot independently.
- Prepare for technical questions: Be ready to discuss your experience with Splunk features and data management processes.
Technical preparation
- Master Splunk Cloud administration and on-prem setup.
- Practice configuring Heavy and Universal Forwarders.
- Familiarize yourself with HEC, TAs, and data models.
- Review Splunk features like SAML and KV store.
Behavioral questions
- Describe troubleshooting a log ingestion interruption.
- How do you document complex configurations?
- How do you manage priorities in a busy environment?
- How do you collaborate with security and infra teams?
Frequently asked questions
- What are the primary responsibilities of a Splunk Administrator at FutureTech Consultants?
- The Splunk Administrator will focus on supporting and maintaining Sompo's Splunk Cloud environment, ensuring reliable data collection, monitoring platform health, and performing ongoing administration and configuration to support security operations and analytics.
- What specific Splunk infrastructure experience is required for this Splunk Administrator role?
- We require 3-5 years of hands-on experience administering Splunk in an enterprise environment, specifically with Splunk Cloud and on-prem infrastructure, including Heavy Forwarders, Deployment Server, and Universal Forwarders.
- Does this Splunk Administrator position require experience with cloud logging pipelines?
- Yes, familiarity with Azure Event Hubs, Kafka, Log Analytics Workspaces, and other cloud-based logging pipelines is beneficial for this Splunk Administrator role.
- What are the general qualifications for the Splunk Administrator position?
- General qualifications include the ability to create clear technical documentation, strong analytical and troubleshooting skills, independent work capabilities, effective time management, and strong written and verbal communication skills.
- How does FutureTech Consultants handle the hybrid work arrangement for the Splunk Administrator role?
- This Splunk Administrator position offers a hybrid work arrangement, requiring employees to be in the office 3 days per week at one of the listed locations.
- What Splunk features are important for this Splunk Administrator role?
- Experience with Splunk features such as alert actions, SAML-based authentication, KV store, and lookups is important, as well as knowledge of role-based access controls and permission models.
- Will a Splunk Administrator need to onboard new log sources?
- Yes, collaboration with security and infrastructure teams to support the onboarding of new log sources is a key responsibility for the Splunk Administrator.