JustJoin.IT Remote work Senior

SIEM / Splunk Operations (On-Prem)

emagine Polska

New Delhi

Requirements

  • Security
  • Configuration management
  • release management
  • Virtual Private Network (VPN)
  • Incident management
  • Quality Assurance (QA)
  • Documentation
  • Splunk
  • Python
  • Operations

Job description

Overview

We are seeking an experienced Senior Splunk Engineer to take over and operate the on-premise Splunk SIEM platform. As part of the transition from the existing global partner, you will be responsible for stabilizing and continuously improving an existing enterprise-scale SIEM environment.

You will own all Splunk operations across the following domains:

  • Plan & Build
  • 24/7 Operations
  • Release & Patch Management
  • CIM-based Log Onboarding
  • Parser development
  • Hardening
  • Configuration Management
  • Incident/Problem/Change processes

The current platform landscape includes:

  • 50+ Cribl Workers
  • 10+ Splunk Forwarder / Heavy Forwarder
  • Indexers
  • Management Components
  • Search Heads & NGINX Load Balancer

Main Responsibilities

Core duty description: ensure the optimization and effective operation of the Splunk platform through the following responsibilities.

  • Perform CIM-compliant log onboarding, parser creation, and documentation.
  • Conduct onboarding due diligence and demand analysis.
  • Create Firewall/VPN/Routing change requests and validate changes.
  • Manage ingestion pipelines via Cribl, Syslog-ng, Splunk UF/HF, SCP.
  • Deploy and scale Splunk components using Terraform and Ansible.
  • Ensure full Splunk platform operation, monitoring, product performance, and log flow.
  • Lead Major Incident Management with 24/7 on-call rotation.
  • Conduct system hardening and vulnerability remediation.
  • Take over existing Splunk operations and ensure stability during transition.

Key Requirements

  • 5–10 years Splunk/SIEM experience in large enterprises.
  • Expertise in Splunk Architecture, CIM onboarding, parser development, Syslog-ng.
  • Strong scripting skills: Terraform, Ansible, Bash/Python.
  • Experience stabilizing existing SIEM environments.
  • Certifications (required): minimum two of Splunk Core Certified User, Splunk Core Certified Power User, Splunk Enterprise Admin, Splunk Enterprise Architect. Optional: Splunk ES.
  • Strong communication and documentation skills in an enterprise context.
  • Proactive, quality-driven work style.
  • Fluent in English (German beneficial).

Nice to Have

  • Experience in automating workflows using SOP-based guidelines.
  • Knowledge of security compliance practices.
  • Familiarity with health check dashboard creation.
  • Background in managing data ingestion pipelines.

Other Details

Opportunity to work in an innovative industrial SIEM environment with high responsibility in Cyber Security. The position offers long-term engagement (24–36 months) with international collaboration possibilities.