Splunk Engineer - SE 26-04926

Job Title: Splunk Engineer

Location: Phoenix, AZ
Duration: 6 Months

Note: Candidates applying for this role must be eligible for getting security clearance whenever needed by the client.

Role Overview

We are seeking a highly skilled Splunk Engineer to support onboarding of new systems and data sources into an enterprise Splunk Cloud environment. This role focuses on building dashboards, alerts, and analytics to enhance operational visibility, strengthen security posture, and improve service reliability. The ideal candidate will bring deep technical expertise in Splunk administration, data ingestion, and SPL (Search Processing Language).

Key Responsibilities

• Onboard new systems, logs, and data sources into Splunk, ensuring accurate parsing, field extraction, CIM compliance, and data normalization.
• Configure and maintain Splunk forwarders, ingestion pipelines, and data routing.
• Design and develop advanced dashboards, visualizations, and analytics for operational, security, and business use cases.
• Create and optimize complex SPL queries, macros, lookups, and scheduled searches.
• Troubleshoot data ingestion issues, search performance bottlenecks, and data quality challenges.
• Collaborate with network, server, application, and security teams to define logging requirements and deliver actionable monitoring solutions.

Required Qualifications

• Hands-on experience administering and engineering Splunk Enterprise or Splunk Cloud in medium-to-large environments.
• Strong proficiency in SPL (Search Processing Language) for analytics and troubleshooting.
• Proven experience onboarding new systems and applications into Splunk.
• Experience building dashboards using Splunk Dashboard Studio or Classic Editor.
• Solid understanding of log ingestion formats such as syslog, JSON, and XML, including parsing and field extraction.
• Knowledge of core IT infrastructure concepts (servers, networking, firewalls, cloud services).
• Experience working with Linux command line and managing Splunk Universal/Heavy Forwarders.

Preferred Qualifications

• Experience with automation or scripting (e.g., Python, PowerShell).
• Exposure to Splunk Enterprise Security (ES) or IT Service Intelligence (ITSI) modules.
• Familiarity with distributed Splunk environments, including indexer clustering and search head clustering.
• Experience implementing CIM compliance and data models.

Ideal Candidate Profile

• Strong analytical, troubleshooting, and data visualization skills.
• Ability to collaborate effectively with cross-functional teams across infrastructure, application, and security domains.
• Excellent communication skills with the ability to translate technical insights into actionable outcomes.

For more details reach at resumes@navitassols.com.