Saxon Global

Splunk Architect

Saxon Global, Texas City, Texas, 77592


Position requires on-site work in Bellevue, WA. As a Splunk Architect, you will be responsible for designing, implementing, and maintaining Splunk infrastructure and solutions to meet our organization's or clients' operational and security needs. Your expertise in Splunk architecture, data ingestion, search optimization, and dashboard creation will be critical in ensuring efficient and effective log management and analysis.

Responsibilities:

- Collaborate with cross-functional teams to understand business requirements and translate them into Splunk architecture designs and solutions.
- Design and implement scalable and reliable Splunk infrastructure, including indexers, forwarders, search heads, and deployment servers, adhering to best practices and security standards.
- Configure data inputs and define parsing rules for various log sources, ensuring proper data ingestion and normalization into Splunk.
- Develop and optimize complex Splunk searches, reports, and dashboards to provide meaningful insights and actionable intelligence for stakeholders.
- Collaborate with security teams to identify and implement use cases for detecting and responding to security threats using Splunk.
- Conduct performance monitoring, capacity planning, and optimization activities to ensure the smooth operation of Splunk infrastructure.
- Troubleshoot and resolve issues related to data ingestion, search performance, and system availability in a timely manner.
- Document architecture, configurations, and processes to facilitate knowledge sharing and maintain an up-to-date repository of Splunk-related information.
- Stay up to date with industry trends and emerging technologies related to Splunk and security operations to provide recommendations for continuous improvement.

Qualifications:

- Proven experience as a Splunk Architect, designing and implementing Splunk solutions in enterprise environments.
- Minimum of six years' experience in Splunk Core, four years' experience with Splunk Enterprise Security (ES), and two years' experience with Splunk SOAR (Phantom). Experience with MS Sentinel is highly desired.
- Minimum of 10 years' experience utilizing Splunk technologies.
- Strong understanding of Splunk architecture, including indexers, search heads, deployment servers, and forwarders.
- Proficiency in configuring data inputs, source types, and parsing rules in Splunk.
- Expertise in developing complex Splunk searches, reports, and dashboards using SPL (Splunk Processing Language).
- Solid understanding of security use cases and experience in leveraging Splunk for security monitoring and incident response.
- Familiarity with common log formats, protocols, and log sources.
- Knowledge of scripting languages (e.g., Python, Bash) for automation and data manipulation tasks.
- Strong analytical and problem-solving skills, with the ability to troubleshoot and resolve issues related to Splunk infrastructure.
- Excellent communication and collaboration skills to work effectively with cross-functional teams and stakeholders.
- Splunk certification as a Splunk Certified Architect is highly desired.

If you are a dedicated Splunk Architect with a passion for designing and optimizing Splunk infrastructure and solutions, we would love to hear from you.