Splunk Implementation Engineer

Position Overview:

Our client is seeking a highly motivated and experienced Splunk Certified Implementation Engineer to join their team. A Splunk implementation engineer sets up, configures, and integrates Splunk software so organizations can collect, monitor, and analyze their machine and security data effectively.

Key responsibilities:

Splunk Architecture & Implementation

  • End-to-end Splunk deployments from environment scoping and architecture blueprinting through production cutover
  • Install, configure, and integrate Splunk components (forwarders, indexers, search heads, deployment servers).
  • Implement federated search and analytics pipelines, enabling data-in-place querying.
  • Build and tune data onboarding pipelines: configure inputs.conf, props.conf, and transforms.conf to normalize multi-vendor log sources at ingestion time into Splunk CIM-compliant data models.
  • Develop and optimize SPL queries, macros, and scheduled searches to power operational detection use cases.
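As an illustration of the onboarding and normalization work these bullets describe (and of the Cisco logging-format normalization listed under the technical requirements below), here is an added example of the .conf chain for Cisco ASA/FTD syslog. It is not part of the posting and not a vendor or client configuration. The file paths, index name, the cisco:ftd sourcetype, the detection thresholds and the sample log line are assumptions; the field names on the right-hand side of the aliases are the Splunk CIM Network Traffic names.

```ini
# --- inputs.conf (heavy forwarder or syslog collector) ----------------------
# Assumes rsyslog/syslog-ng already writes Cisco firewall messages to files
# under /var/log/cisco/; the path and the index name are assumptions.
[monitor:///var/log/cisco/*.log]
index = network
sourcetype = cisco:asa
disabled = false

# --- transforms.conf (index time: applied on the first full Splunk instance) -
# FTD messages arrive on the same feed with a %FTD- header; re-sourcetype
# them so each product gets its own parsing rules. The cisco:ftd name is an
# assumption; match it to whatever the installed add-on expects.
[cisco_ftd_sourcetype]
REGEX = %FTD-\d-\d+
DEST_KEY = MetaData:Sourcetype
FORMAT = sourcetype::cisco:ftd

# --- props.conf --------------------------------------------------------------
[cisco:asa]
# Index time: one event per syslog line, timestamp from the ASA header.
# Constructed sample line the extractions below are written against:
#   Mar 10 2024 13:22:01 asa01 : %ASA-6-302013: Built inbound TCP connection
#   1234 for outside:203.0.113.5/51234 (203.0.113.5/51234) to
#   inside:10.0.0.5/443 (10.0.0.5/443)
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIME_PREFIX = ^(?:<\d+>)?
TIME_FORMAT = %b %d %Y %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 32
TRANSFORMS-route_ftd = cisco_ftd_sourcetype
# Search time: vendor fields from the TCP/UDP "Built" messages (302013/302015)
# and from the 106023 ACL deny message.
EXTRACT-asa_conn = %ASA-\d-30201[35]: Built (?<direction>inbound|outbound) (?<transport>TCP|UDP) connection (?<session_id>\d+) for (?<src_interface>[^:]+):(?<src_ip>[\d.]+)/(?<src_port>\d+) \([\d.]+/\d+\) to (?<dest_interface>[^:]+):(?<dest_ip>[\d.]+)/(?<dest_port>\d+)
EXTRACT-asa_deny = %ASA-\d-106023: Deny (?<transport>tcp|udp|icmp) src (?<src_interface>[^:]+):(?<src_ip>[\d.]+)(?:/(?<src_port>\d+))? dst (?<dest_interface>[^:]+):(?<dest_ip>[\d.]+)(?:/(?<dest_port>\d+))?
# Map vendor names onto the CIM Network Traffic field names so the data model
# (and every ES correlation search built on it) sees the same fields whether
# the event came from ASA, a Palo Alto NGFW or a FortiGate.
FIELDALIAS-cim_network = src_ip AS src dest_ip AS dest
EVAL-transport = lower(transport)
EVAL-action = case(match(_raw, "%ASA-\d-106023"), "blocked", match(_raw, "%ASA-\d-30201[35]"), "allowed")

# --- eventtypes.conf ---------------------------------------------------------
# CIM data models select events by tag, not by sourcetype: without this
# eventtype and its tags the fields above are extracted but Network_Traffic
# never sees the events.
[cisco_asa_network_traffic]
search = sourcetype=cisco:asa action=*

# --- tags.conf ---------------------------------------------------------------
[eventtype=cisco_asa_network_traffic]
network = enabled
communicate = enabled

# --- savedsearches.conf (scheduled detection over the normalized data) -------
# Runs every 5 minutes against the accelerated data model; the thresholds are
# assumed starting points, not tuned values.
[Cisco FW - Blocked Port Sweep From Single Source]
enableSched = 1
cron_schedule = */5 * * * *
dispatch.earliest_time = -15m
dispatch.latest_time = now
search = | tstats summariesonly=true count, dc(Network_Traffic.dest_port) as port_count from datamodel=Network_Traffic where Network_Traffic.action="blocked" by Network_Traffic.src, Network_Traffic.dest | rename Network_Traffic.* as * | where port_count > 20 AND count > 100
```

Before enabling data model acceleration, validate the extractions on live data with a plain search such as `index=network sourcetype=cisco:asa | stats count by action transport src dest dest_port`; a missing or wrongly cased value there means the event will fall out of the data model silently. Note also that the index-time settings (TRANSFORMS, LINE_BREAKER, TIME_*) only affect data indexed after they are deployed, whereas the EXTRACT, FIELDALIAS and EVAL stanzas apply retroactively at search time.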

Cisco Data Fabric & Security Stack Integration

  • Implement Splunk data ingestion pipelines from the Cisco security product suite: Cisco Secure Firewall (ASA/FTD), Cisco Secure IDS/IPS, Cisco Identity Services Engine (ISE), Cisco Umbrella, and Cisco ThousandEyes network intelligence telemetry.
  • Configure and validate Cisco Secure Endpoint and Cisco Threat Grid integration with Splunk ES for advanced malware telemetry correlation.
  • Integrate Cisco Meraki, Cisco Secure Network Analytics, and Cisco XDR event sources with Splunk.

Operations & Day-to-Day Platform Management

  • Monitor platform health and maintain operational stability.
  • Perform capacity planning, index lifecycle management, and Machine Data Lake tiering strategy to control costs without compromising retention SLAs.
  • Execute Splunk version upgrades, patch deployments, and configuration management across all tiers using structured change management processes.

Broader Security Platform Responsibilities

  • Manage and optimize next-generation security controls: Cisco Secure Firewall, Palo Alto Networks NGFWs, Fortinet FortiGate, VPN concentrators, Email/Web Security Gateways, and EDR/XDR platforms.
  • Support Privileged Access Management (PAM) solutions and Database Activity Monitoring (DAM) platforms such as IBM Guardium as part of a holistic defense-in-depth security architecture.
  • Lead client-facing implementation workshops, present technical architectures and security findings to both engineering and executive stakeholders, and deliver structured knowledge transfer sessions to upskill client security teams.
  • Maintain accurate project documentation: HLD/LLD design artifacts, runbooks, architecture diagrams, and post-implementation reports.

Technical requirements:

Splunk Platform Expertise

  • 5+ years of hands-on Splunk implementation experience in enterprise environments, including distributed multi-site deployments.
  • Proven ability to architect and deploy distributed Splunk infrastructures: Indexer Clusters, Search Head Clusters, Heavy Forwarder pools, Deployment Server hierarchies, and Machine Data Lake tiers.
  • Deep familiarity with Splunk Enterprise Security (ES): correlation searches, threat intelligence management, adaptive response, Risk-Based Alerting (RBA), and risk scoring frameworks.
  • Working knowledge of Cisco Data Fabric architecture: federated search capabilities, data-in-place analytics, and the evolution from full-ingestion to hybrid/federated SIEM pipeline patterns.
  • Familiarity with Splunk AI Toolkit, AI-assisted investigation workflows, and SOAR playbook development using Splunk SOAR is strongly advantageous.

Cisco & Network Security

  • Hands-on experience integrating Cisco security products with Splunk: Secure Firewall (ASA/FTD), Secure IDS/IPS, ISE, Secure Endpoint, Umbrella, ThousandEyes, and Secure Network Analytics.
  • Strong understanding of Cisco security event logging formats (syslog, eStreamer, REST/API telemetry) and their normalization into Splunk CIM data models.
  • Working knowledge of network security fundamentals: firewall policy management, IDS/IPS tuning, and VPN configuration.
  • Experience with additional NGFW platforms including Palo Alto Networks and Fortinet is advantageous.

Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, or a related field, or equivalent demonstrable experience.
  • Minimum 5 years of technical experience in cybersecurity implementation and professional services delivery.
  • Strong client-facing skills: ability to present complex security architectures to both engineering and executive audiences.
  • Excellent written and verbal communication skills in English; Arabic proficiency is advantageous for client engagements in Oman.

Certifications:

Splunk Cybersecurity Defense Track | Security Operations Focus

  • Splunk Certified Cybersecurity Defense Analyst
  • Splunk Certified Cybersecurity Defense Engineer
  • Splunk Certified Cybersecurity Defense Architect

Splunk Platform Administration Track | Infrastructure / Deployment Focus

  • Splunk Enterprise Certified Admin
  • Splunk Enterprise Security Certified Admin
  • Splunk Enterprise Certified Architect
  • Splunk SOAR Certified Automation Developer

Cisco Security Certifications

  • Cisco Certified Internetwork Expert Security (CCIE Security)
  • Cisco Certified Network Professional Security (CCNP Security)

Broader Security Certifications

  • Certified Information Systems Security Professional (CISSP)
  • Certified Ethical Hacker (CEH)
  • GIAC Security Operations Certified (GSOC)