Splunk Admin/ Specialist

CyberGate Defense is looking for a skilled and dedicated Splunk Administrator to join our growing team in Abu Dhabi, UAE]! If you're passionate about data, security, and optimizing Splunk environments to their fullest potential, we want to hear from you.

As a Splunk Administrator, you will be crucial in managing, maintaining, and scaling our Splunk infrastructure, ensuring optimal performance and data integrity for our security and operational intelligence needs.

Key Responsibilities:

• Splunk Infrastructure Management: Install, configure, and maintain Splunk Enterprise deployments, including indexers, search heads, forwarders, and deployment servers.
  
• Performance Tuning & Optimization: Monitor Splunk system health, troubleshoot issues, and optimize performance for searches, dashboards, and data ingestion.
  
• Data Onboarding & Management: Configure data inputs, manage data parsing, field extractions, and ensure data quality and integrity from various sources (logs, metrics, etc.).
  
• User & Access Management: Administer Splunk users, roles, and permissions, ensuring adherence to security best practices.
  
• Security & Compliance: Implement and maintain security controls within the Splunk environment, including data encryption, access logging, and compliance with organizational policies.
  
• Troubleshooting & Support: Provide expert-level support for Splunk-related issues, working with internal teams to resolve problems efficiently.
  
• Upgrade & Patch Management: Plan and execute Splunk upgrades, patches, and hotfixes with minimal downtime.
  
• Documentation: Create and maintain comprehensive documentation for Splunk architecture, configurations, and operational procedures.
  
• Collaboration: Work closely with security analysts, engineers, and other IT teams to understand their data requirements and provide tailored Splunk solutions.
  

Qualifications & Skills:

• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  
• 5 to 8+ years of hands-on experience as a Splunk Administrator in an enterprise environment.
  
• Proven expertise in Splunk Enterprise administration, including clustered environments (indexer clustering, search head clustering).
  
• Strong understanding of Splunk architecture and components.
  
• Proficiency in Splunk Search Processing Language (SPL) for complex queries, dashboards, and reports.
  
• Experience with data onboarding from various sources (e.g., Windows, Linux, network devices, applications, cloud services).
  
• Familiarity with regular expressions (regex) for data parsing.
  
• Knowledge of scripting languages (e.g., Python, Shell) for automation is a plus.
  
• Understanding of network protocols, security concepts, and IT operations.
  
• Excellent problem-solving, analytical, and communication skills.
  
• Splunk Certified Administrator or other relevant Splunk certifications are highly preferred.
  

Benefits