SOC Admin

We are seeking an experienced Splunk Administrator responsible for deployment, configuration, optimization, and ongoing management of the Splunk environment, including SIEM use case development and automation support for SOC operations.

Key Responsibilities

• Install, configure, and manage Splunk Enterprise / Splunk ES (Standalone, Distributed, Clustered).
• Configure and maintain Indexers, Search Heads, Forwarders, Deployment Server, Cluster Master.
• Onboard and integrate logs from servers, network devices, security tools, endpoints, and cloud platforms.
• Perform use case creation, correlation rule development, and fine-tuning aligned with MITRE ATT&CK framework.
• Optimize detection logic to reduce false positives and improve alert quality.
• Develop and maintain dashboards, alerts, reports, and advanced SPL queries.
• Support SOAR playbook development and automation workflows for incident response (phishing, malware, ransomware, etc.).
• Monitor Splunk platform health, performance tuning, EPS optimization, and storage management.
• Troubleshoot ingestion, parsing (props.conf, transforms.conf), and search performance issues.
• Implement RBAC, data retention policies, and security hardening.
• Support version upgrades, patching, backup, and DR setup.