We are seeking a Splunk Data Administrator to own and continuously improve Splunk data onboarding, normalization, and quality across a complex hybrid Splunk environment (on‑prem and cloud). The ideal candidate is hands-on with CIM alignment, data source onboarding, field extractions (regex/props/transforms/ingest actions), TA deployment, and end-to-end operational management of Splunk data pipelines. You will act as the key point of contact for ensuring log sources are onboarded correctly, parsed and normalized consistently, and made usable for security/IT operations, dashboards, correlation searches, and reporting.

Key Responsibilities:

- Data Onboarding & Lifecycle Management
- CIM Normalization & Data Modelling
- Field Extraction, Parsing & Enrichment
- TA Installation & Configuration (Complex / Hybrid)
- Hybrid Splunk Architecture Operations
- Monitoring, Troubleshooting & Governance

Required Skills & Experience

- 5 years of experience with Splunk administration and data onboarding (or equivalent depth).
- Strong practical knowledge of:
  - CIM normalization, tags/eventtypes, datamodel alignment
  - Field extraction (regex, JSON/KV extraction) and troubleshooting parsing issues
  - props.conf/transforms.conf, sourcetypes, timestamps, line-breaking
  - TA installation/configuration and deployment patterns across Splunk tiers
- Experience with complex Splunk architectures:
  - Indexer clusters, SH/SHC, forwarder management, deployment server
  - Hybrid patterns (on-prem cloud), connectivity, and ingestion strategies
- Comfortable writing and validating SPL for data quality and CIM compliance.
- Strong log source knowledge across common domains:
  - Security: EDR, firewall, proxy, IAM/auth, VPN, email security
  - Infrastructure: Windows, Linux, network devices, virtualization
  - Cloud: AWS/Azure/GCP logging patterns (nice-to-have)

If you have the skills and full working rights, then hit the apply now tab, attach your CV, and let's have a confidential chat. Please note, we do not offer sponsorship.