Introduction & Summary
We are seeking an experienced Senior Splunk Engineer to take over and operate the on-premise Splunk SIEM platform. This role emphasizes the stabilization and continuous improvement of an enterprise-scale SIEM environment. The ideal candidate will possess strong expertise in Splunk Architecture, CIM onboarding, parser development, and effective scripting skills.

Main Responsibilities

• Perform CIM-compliant log onboarding, parser creation, and documentation.
• Conduct onboarding due diligence and demand analysis.
• Create Firewall/VPN/Routing change requests and validate changes.
• Manage ingestion pipelines via Cribl, Syslog-ng, Splunk UF/HF, SCP.
• Deploy and scale Splunk components using Terraform and Ansible.
• Ensure full Splunk platform operation, monitoring, performance, EPS/log flow.
• Handle Incidents, Service Requests, Changes, and Problems under ITSM.
• Implement approved changes across Splunk components.
• Conduct vulnerability scans and support SOC threat analysis.

Key Requirements

• 5–10 years of Splunk/SIEM experience in large enterprises.
• Expertise in Splunk Architecture, CIM onboarding, parser development, Syslog-ng, certificates.
• Strong scripting skills: Terraform, Ansible, Bash/Python.
• Experience stabilizing existing SIEM environments.
• Minimum two certifications from:
  • Splunk Core Certified User
  • Splunk Core Certified Power User
  • Splunk Enterprise Admin
  • Splunk Enterprise Architect
• Strong communication in enterprise environments.
• Clear documentation skills.
• Fluent English (German beneficial).

Other Details
This position involves long-term engagement (24–36 months) focusing on collaboration in a cutting-edge industrial SIEM environment within a Cyber Security context.