Splunk Administrator- Mumbai

Job Description:

Role/ Job Title: Splunk Administrator Function/ Department: Informa on Security Group Job Purpose: A Splunk Administrator with hands-on exper se in Splunk Enterprise Security (ES) to manage, opmize, and support the Splunk infrastructure. The candidate will play a cri cal role in maintaining system health, onboarding data sources, mapping them to data models, and suppor ng security use cases for threat detec on within the SOC environment. Roles & Responsibilities: 1. Install, configure, upgrade, and maintain Splunk Enterprise Security (ES) and its components (add-ons, apps) across distributed and clustered environments. 2. Administer and monitor the Splunk infrastructure for performance, scalability, and health using best prac ces. 3. Onboard and normalize data from various sources (Syslog, APIs, cloud pla orms, etc.) into Splunk via universal forwarders, HEC, and other methods. 4. Develop and maintain field extrac ons, event types, tags, lookups, macros, and knowledge objects to support threat detec on and inves ga on. 5. Manage and opmize correla on searches, risk-based aler ng, notable events, and dashboards within Splunk ES. 6. Ensure data models are correctly structured and opmized for accelerated performance. 7. Support compliance and audit repor ng requirements via custom dashboards and scheduled reports. 8. Troubleshoot Splunk performance issues and assist in root cause analysis. 9. Create and maintain documenta on for architecture, configura ons, and standard opera ng procedures (SOPs). 10. Work closely with the SOC team to enhance detec on logic and support inves ga ons.