Insighture is a leading technology consultancy that drives digital transformation for businesses worldwide. With a team of over 85 expert consultants, the company delivers tailored, high-impact strategies and solutions, enabling scalable product engineering. As an AWS partner, Insighture excels in co-integrated cloud services. It has collaborated with more than 50 clients globally, guiding them through cloud adoption, DevOps transformation, enterprise modernisation, and more.
The team’s expertise spans Cloud-Native Development, Solutions Architecture, UI/UX, Quality Engineering, Data Engineering, AI/ML, and DevSecOps. These capabilities empower businesses to achieve impactful and innovative outcomes.
In 2024, Insighture achieved ISO certification and was recognised as a Great Place to Work, earning three prestigious awards: Best Workplace in Sri Lanka, Best Workplace for Technology, and Best Workplace for Young People. Insighture's technology and expertise are embedded in the work of internationally recognised care providers, global freight operations, child protection systems, and health tech platforms across Australia, the UK, and Singapore.
Responsibilities
- Lead end-to-end onboarding of new log sources, including requirements gathering, validation, parsing, testing, and release.
- Collaborate with Security and IT teams to define logging requirements ensuring data quality, completeness, and timeliness.
- Implement and maintain scalable data onboarding frameworks, including index, sourcetype, and metadata governance.
- Normalize data in line with Splunk CIM standards to support analytics and security use cases.
- Develop and manage field extraction, parsing, and enrichment using configurations, regex, and structured data formats (JSON, XML, KV).
- Maintain and support distributed Splunk environments, including search heads, indexers, forwarders, and add-ons.
- Manage hybrid Splunk environments (on-prem and cloud), including ingestion pipelines, connectivity, and performance monitoring.
- Ensure platform health, data quality, and governance through monitoring, documentation, and continuous improvement practices.
Requirements
- 5–10+ years of experience in Splunk administration and data onboarding.
- Strong knowledge of log ingestion, parsing, and normalization strategies.
- Experience with complex enterprise Splunk deployments and hybrid environments.
- Hands-on experience writing SPL queries for validation, troubleshooting, and data quality analysis.
- Strong experience working with logs across security domains including EDR, firewalls, proxy servers, identity systems, VPNs, and email security platforms.
- Hands-on experience with infrastructure logs such as Windows Server, Linux systems, network devices, and virtualization platforms.
- Exposure to cloud logging across platforms like Amazon Web Services, Microsoft Azure, or Google Cloud Platform (preferred).
- Experience with Splunk ecosystem tools, particularly Splunk Enterprise Security, and familiarity with ingestion methods like HEC and API-based logging.
- Nice-to-have exposure to advanced Splunk capabilities such as Ingest Actions, Edge Processor, message queues, and observability platforms like ITSI.