Job Specifications
Role: Sr. Splunk Engineer
Location: Bensalem, PA | Onsite
Contract: 3+ Months
Scope: This role is responsible for engineering, deploying, configuring, and validating a multi-site, highly available Splunk Enterprise platform and extending it with Splunk Enterprise Security (ES). The engineer handles platform buildout, data onboarding, CIM alignment, ES enablement, tuning, and operational readiness.
Design and implement a multi-site, highly available Splunk Enterprise deployment including Cluster Manager, License Master, Deployer, Deployment Server, Monitoring Console, multi-site indexer cluster, and search head cluster.
Deploy and configure Universal Forwarders and Heavy Forwarders. Build deployment apps, server classes, and automated rollout scripts.
Onboard and validate data sources (e.g. Windows, Firewall, Cloud) and ensure proper CIM alignment.
Configure custom indexes, authentication (LDAP/SAML), SMTP relay, and load balancer requirements.
Install, configure, and operationalize Splunk Enterprise Security (ES).
Validate ES data model acceleration, correlation searches, dashboards, notable events, and use case logic.
Tune correlation searches, thresholds, data models, and platform performance.
Ensure ES content integration with the underlying Splunk Enterprise deployment.
Produce as-built documentation, architecture diagrams, runbooks, tuning guidance, and operational procedures.
Validate ingest pipelines, cluster stability, search performance, CIM compliance, and ES functionality.
Provide technical knowledge transfer and hands-on enablement to customer engineering teams.
Required Skills & Experience
5+ years of Splunk Enterprise engineering in distributed, clustered environments.
Direct experience deploying and tuning Splunk ES in production settings.
Strong ability to onboard diverse data sources and perform CIM alignment.
Linux administration and enterprise networking fundamentals.
Experience with authentication systems (LDAP, SAML).
Strong documentation and operationalization skills.
Preferred Qualifications
Splunk Admin, Architect, or ES Specialist certifications.
Experience in large-scale or multi-site enterprise deployments.
Familiarity with security operations workflows and SIEM tuning.
About the Company
Service Disabled Veteran Owned & Native American Owned IT Consulting Firm.
We are a Business and IT Consulting Services Firm with Big 4 Consulting background.
Services include:
Management Consulting
Outsourcing Advisory
Strategy & Operations Consulting
IT Consulting
IT Staff Augmentation
Business Continuity
Storage - SAN, Network, Business Continuity, Disaster Recovery, Virtualization, Datacenter, Information Management, Document Management