Onboard data sources through various methods (UF, HF, Syslog, Splunk TA, HEC, FTP(S), CSV, DB Connect, etc.)
Experience working with the Splunk Common Information Model
Skillful at parsing fields from unstructured logs (without relying on Splunk Apps)
Administration of Splunk Enterprise Security and Splunk ES Essentials
Maintain data models and base saved searches
Recommend and develop on-demand dashboards, rules, alerts, and reports using Splunk SIEM
Manage and support field parsing from unstructured logs
Administer and support Splunk clustered environments
Assist in developing use cases to close detection gaps identified across multiple security tools
Be able to communicate findings or new rule logic, at both a technical and a logical level, to teams and leadership
Comprehend a problem and assist in developing potential corrective actions
Architectural knowledge of Splunk configurations and experience in onboarding large datasets from in-house and cloud data sources