Role Overview:
We’re looking for a skilled Splunk Administrator with extensive Splunk Enterprise implementation experience to join our Beyon Cyber team. You will be responsible for addressing and resolving all app/add-on related issues, regularly updating the ES content app across all customer environments, and helping customers meet their audit requirements.
Main Responsibilities:
Splunk Enterprise Installation & Configuration:
- Lead the installation, configuration, and maintenance of Splunk Enterprise across various environments.
- Optimize Splunk performance, including data indexing, search efficiency, and storage management.
- Manage Splunk licenses and ensure compliance with licensing agreements.
Syslog-ng Configuration & Fine-Tuning:
- Configure and fine-tune syslog-ng to ensure accurate and efficient log data ingestion into Splunk.
- Monitor and troubleshoot syslog-ng issues to ensure continuous log flow.
- Implement best practices for syslog-ng configuration to enhance log data integrity and availability.
Log Source Onboarding & Validation:
- Lead the onboarding of new log sources, ensuring they are correctly ingested and indexed within Splunk.
- Validate and verify the accuracy and completeness of log data from various sources.
- Develop and maintain documentation for log source onboarding processes and procedures.
Implementation of Apps & Add-ons:
- Install, configure, and manage Splunk apps and add-ons to extend the platform's functionality.
- Customize and tailor Splunk apps to meet specific customer needs and environments.
- Regularly update the ES (Enterprise Security) content app across all customer environments, ensuring the latest detection content and security framework mappings are applied.
Customer Support & Troubleshooting:
- Collaborate closely with customers to understand their specific needs and ensure that Splunk configurations align with their objectives.
- Address and resolve app/add-on-related challenges within all customer environments.
- Provide expert troubleshooting for log source issues, ensuring rapid resolution of any data ingestion or processing problems.
- Support customers in meeting their audit requirements by providing timely and accurate log data and reporting.
- Proactively identify opportunities for improvement in customers' Splunk environments and suggest enhancements.
Documentation & Reporting:
- Maintain detailed and up-to-date documentation for all Splunk-related processes, configurations, and troubleshooting procedures.
- Generate regular reports on Splunk performance, data ingestion, and app/add-on utilization.
- Document customer interactions and support provided, ensuring clear records of all activities.
Qualifications:
- A minimum of 5 years of experience with Splunk is required.
- Strong understanding of core cyber security concepts.
- Proficiency in LogRhythm, Microsoft Sentinel, or other SIEM implementation and administration is a plus.
- Must be able to speak and write fluently in English.
- Must be willing to relocate to Bahrain.