CyberGate Defense is looking for a skilled and dedicated Splunk Administrator to join our growing team in Abu Dhabi, UAE! If you're passionate about data, security, and optimizing Splunk environments to their fullest potential, we want to hear from you.
As a Splunk Administrator, you will be crucial in managing, maintaining, and scaling our Splunk infrastructure, ensuring optimal performance and data integrity for our security and operational intelligence needs.
Key Responsibilities:
- Splunk Infrastructure Management: Install, configure, and maintain Splunk Enterprise deployments, including indexers, search heads, forwarders, and deployment servers.
- Performance Tuning & Optimization: Monitor Splunk system health, troubleshoot issues, and optimize performance for searches, dashboards, and data ingestion.
- Data Onboarding & Management: Configure data inputs, manage data parsing, field extractions, and ensure data quality and integrity from various sources (logs, metrics, etc.).
- User & Access Management: Administer Splunk users, roles, and permissions, ensuring adherence to security best practices.
- Security & Compliance: Implement and maintain security controls within the Splunk environment, including data encryption, access logging, and compliance with organizational policies.
- Troubleshooting & Support: Provide expert-level support for Splunk-related issues, working with internal teams to resolve problems efficiently.
- Upgrade & Patch Management: Plan and execute Splunk upgrades, patches, and hotfixes with minimal downtime.
- Documentation: Create and maintain comprehensive documentation for Splunk architecture, configurations, and operational procedures.
- Collaboration: Work closely with security analysts, engineers, and other IT teams to understand their data requirements and provide tailored Splunk solutions.
Qualifications & Skills:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- 5 to 8+ years of hands-on experience as a Splunk Administrator in an enterprise environment.
- Proven expertise in Splunk Enterprise administration, including clustered environments (indexer clustering, search head clustering).
- Strong understanding of Splunk architecture and components.
- Proficiency in Splunk Search Processing Language (SPL) for complex queries, dashboards, and reports.
- Experience with data onboarding from various sources (e.g., Windows, Linux, network devices, applications, cloud services).
- Familiarity with regular expressions (regex) for data parsing.
- Knowledge of scripting languages (e.g., Python, Shell) for automation is a plus.
- Understanding of network protocols, security concepts, and IT operations.
- Excellent problem-solving, analytical, and communication skills.
- Splunk Certified Administrator or other relevant Splunk certifications are highly preferred.