Required

  • Current Splunk Enterprise Certified Admin certification
  • At least five (5) years of experience with Splunk in distributed deployments and at least one (1) year of experience with Splunk Cloud environments
  • Experience with Splunk Enterprise Security
  • Excellent written and oral skills, ability to work closely with multiple customers, manage expectations and track engagement scope
  • Experience with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms
  • Proficient at search time activities including parsing and normalizing events to the Splunk Common Information Model (CIM)
  • Proficiency in utilizing data onboarded by Splunk developed add-ons (e.g. Windows, Linux, and common third-party devices and applications)
  • Proficient in regular expressions
  • Must be able to effectively collaborate and work with others in a remote work environment

Preferred

  • Current Splunk Enterprise Security Certified Admin certification
  • Knowledge of JIRA and Confluence