Splunk Production Services Engineer
$92,100–$160,100 per year
On-site · Charlotte, North Carolina, United States or Chandler, Arizona, United States
Job Summary
The Splunk Production Services Engineer is responsible for end-to-end production support of a large-scale Splunk Enterprise and Splunk Cloud environment in a financial-services setting. Own production stability, performance, and data integrity; lead incident response and RCA; onboard and normalize data sources for CIM-compliant SIEM use; tune ingestion pipelines; build dashboards, searches, and alerts for threat detection and reporting; administer Cribl; develop runbooks and documentation; and operate under regulatory and change-management controls in a banking environment.
Required Qualifications
- 5+ years of hands-on experience administering large-scale Splunk Enterprise or Splunk Cloud environments
- Strong expertise in indexer clustering and search head clustering
- Experience with Universal and Heavy Forwarder architectures
- Knowledge of SmartStore / S3-compatible object storage
- Proficient in SPL, search optimization, summary indexing, and data model acceleration
- Experience with security log ingestion and SIEM use cases
- Ability to lead production incidents, perform RCA, and drive preventive solutions
- Strong Linux administration skills
- Experience in 24x7 production environments with high availability expectations
- Excellent written and verbal communication skills with stakeholders