Splunk SME

Job Title: Splunk SME Clearance required: SC Location: Remote with occasional Travel to a client site in Warwick. Potentially also Farnborough/Corsham Contract inside IR35 Job Description: A Splunk SME to manage and optimize log management and SIEM environment. Will configure and maintain Splunk Heavy Forwarders, Windows Event Collectors, and Syslog Aggregators to ensure efficient log collection, analysis, and correlation. The focus will be on normalizing data, configuring event sources for various devices (Cisco, Palo Alto, F5, Fortinet, HPE, VMs), and developing event correlation rules, alerts, and dashboards to support our CSOC. This role requires a strong understanding of Linux, Windows, and networking logging concepts. Essential Skills: Proven experience with Splunk Heavy Forwarders on Linux platforms. Strong understanding of Windows Event Collector Services (WEC). Hands-on experience with Syslog Aggregators. Expertise in log management and forwarding best practices. Desirable Skills: Experience implementing Splunk environments to CIS Level 1 and Level 2 standards. Familiarity with Red Hat Enterprise Linux Server. Knowledge of forwarding events to Splunk Enterprise and ServiceNow platforms. Experience integrating Splunk with SolarWinds. Understanding of Reliable Event Logging Protocol (RELP).

Location: Warwick, GB

Posted Date: 1/15/2025