Splunk Support Engineer (2nd Level Support)

The role is for a Second Level Support Engineer specializing in Splunk, supporting a client in the financial services sector. The position involves maintaining and developing the Splunk environment, ensuring platform stability, and collaborating with cross-functional teams.

• Minimum 3 years of experience in Splunk administration and operations.
• At least 1 year of experience in a 2nd Level Support or similar role.
• Strong knowledge of Splunk architecture including Indexer Clusters, Search Head Clusters, Deployment Servers, and Forwarders.
• Experience troubleshooting platform issues and performing performance analysis.
• Knowledge of SPL (Search Processing Language) and report development.
• Experience administering Linux systems (RHEL/CentOS/Debian) and basic knowledge of Windows Server environments.
• Understanding of networking concepts including TCP/IP, TLS/SSL, firewalls, and proxy servers.
• Familiarity with ITIL processes.
• English proficiency at C1 level.
• German proficiency at B2 level or higher.
• Splunk Core Certified Power User certification.

Nice to have:

• Splunk Enterprise Certified Admin certification.
• Experience with Splunk Enterprise Security (ES) and/or Splunk ITSI environments.
• Knowledge of SOC processes, use case management, correlation rules, and Notable Events.
• Experience in financial or highly regulated environments.
• Familiarity with regulatory frameworks such as DORA, BAIT, MaRisk, ISO 27001, and GDPR.
• Knowledge of log sources like Active Directory, PAM, Core Banking Systems.
• Experience with Kubernetes, Docker, AWS, Azure, or Splunk Cloud.
• Scripting and automation skills using Python or Bash.
• Experience with HEC (HTTP Event Collector), Syslog, and REST API integrations.
• ITIL 4 Foundation certification.
• Certifications such as Splunk Enterprise Security Certified Admin, Splunk Certified Cybersecurity Defense Analyst, or CompTIA Security+.

• Handle and resolve incidents and service requests related to the Splunk environment (P1–P4) following ITIL processes.
• Diagnose and troubleshoot issues within Splunk architecture including Indexer Clusters, Search Head Clusters, Deployment Servers, Forwarders, and Heavy Forwarders.
• Monitor, analyze, and optimize search performance, dashboards, and scheduled searches.
• Administer Splunk Enterprise and Splunk Cloud environments.
• Manage users, roles, and permissions (RBAC).
• Configure and maintain data sources, inputs, and indexing policies.
• Support SOC processes and SIEM environments (Splunk ES).
• Participate in audits and compliance-related security activities.
• Create and maintain technical documentation and operational procedures.
• Collaborate with 1st and 3rd Level Support teams and vendor support.
• Participate in upgrades, patch deployments, and change management processes.
• Take part in on-call rotations supporting critical systems.