Senior Splunk Engineer
emagine Polska
New Delhi
Requirements
- Security
- Configuration management
- Security Information Event Management (SIEM)
- Configuration Management (ITIL)
- Incident management
- Quality Assurance (QA)
- Splunk
- Python
- Operations
- Microsoft Platform
Job description
Introduction & Summary
We are seeking an experienced Senior Splunk Engineer to take over and operate the on-premise Splunk SIEM platform. This role emphasizes the stabilization and continuous improvement of an enterprise-scale SIEM environment. The ideal candidate will possess strong expertise in Splunk Architecture, CIM onboarding, parser development, and effective scripting skills.
Main Responsibilities
- Perform CIM-compliant log onboarding, parser creation, and documentation.
- Conduct onboarding due diligence and demand analysis.
- Create Firewall/VPN/Routing change requests and validate changes.
- Manage ingestion pipelines via Cribl, Syslog-ng, Splunk UF/HF, SCP.
- Deploy and scale Splunk components using Terraform and Ansible.
- Ensure full Splunk platform operation, monitoring, performance, EPS/log flow.
- Handle Incidents, Service Requests, Changes, and Problems under ITSM.
- Implement approved changes across Splunk components.
- Conduct vulnerability scans and support SOC threat analysis.
Key Requirements
- 5–10 years of Splunk/SIEM experience in large enterprises.
- Expertise in Splunk Architecture, CIM onboarding, parser development, Syslog-ng, certificates.
- Strong scripting skills: Terraform, Ansible, Bash/Python.
- Experience stabilizing existing SIEM environments.
- Minimum two certifications from:
  - Splunk Core Certified User
  - Splunk Core Certified Power User
  - Splunk Enterprise Admin
  - Splunk Enterprise Architect
- Strong communication in enterprise environments.
- Clear documentation skills.
- Fluent English (German beneficial).
Nice to Have
- Experience with Splunk ES.
Other Details
This position involves long-term engagement (24–36 months) focusing on collaboration in a cutting-edge industrial SIEM environment within a Cyber Security context.