Splunk Administrator

Position: Splunk AdministratorLocation: Canada – RemoteJob Description:As a Splunk Administrator, you will be responsible for the configuration, maintenance, and optimization of our Splunk infrastructure to ensure efficient log aggregation, search, and analysis capabilities. You will work closely with development, operations, and security teams to design and implement Splunk solutions that meet our organization's monitoring, troubleshooting, and security requirements.Roles and Responsibilities:1. Deployment and Configuration: Deploy and configure Splunk instances, forwarders, and data inputs according to best practices, ensuring scalability, reliability, and security. 2. Monitoring and Maintenance: Monitor Splunk infrastructure performance, troubleshoot issues, and perform routine maintenance tasks such as index rotation, data retention management, and license optimization. 3. Data Ingestion: Design and implement data ingestion strategies to collect logs and metrics from various sources, including servers, applications, network devices, and security appliances, ensuring comprehensive coverage and efficient data parsing. 4. Search and Analysis: Develop and maintain Splunk search queries, dashboards, and reports to enable real-time monitoring, troubleshooting, and analysis of system performance, security incidents, and operational metrics. 5. Integration: Integrate Splunk with other monitoring, logging, and security tools to create unified visibility and correlation of events across the organization's infrastructure, applications, and security controls. 6. Security and Compliance: Configure Splunk security settings, access controls, and audit trails to ensure data confidentiality, integrity, and compliance with regulatory requirements and industry standards. 7. Capacity Planning: Perform capacity planning and scaling of Splunk infrastructure to accommodate growing data volumes and user demands, collaborating with stakeholders to forecast resource requirements and optimize infrastructure investments. 8. Documentation and Training: Create and maintain documentation for Splunk configurations, deployment procedures, troubleshooting guides, and best practices, and provide training and support to users and administrators as needed.QualificationsProven experience as a Splunk Administrator, with hands-on experience deploying, configuring, and maintaining Splunk Enterprise or Splunk Cloud environments.Strong understanding of Splunk architecture, components, and deployment topologies, including indexers, search heads, forwarders, and data models.Proficiency in Splunk Search Processing Language (SPL) and experience developing complex search queries, dashboards, and reports to extract actionable insights from log data.Familiarity with log management best practices, log parsing techniques, and common log formats (e.g., JSON, syslog, Apache logs).Experience with scripting languages such as Python, PowerShell, or Bash for automation and integration tasks.Excellent analytical and problem-solving skills, with the ability to troubleshoot complex issues and optimize performance in a high-availability environment.Strong communication and collaboration skills, with the ability to work effectively with cross-functional teams and stakeholders to understand requirements and deliver solutions that meet business needs. RegardsPatrick FernandezStrategic Recruitment Manager - Talent Acquisition Group