Splunk Administrator

United States


Overview

CVP is seeking a skilled Splunk Front-End Administrator with strong enterprise security expertise to join our team. This strategic role will focus on designing, implementing, and maintaining our Splunk front-end environment within a security operations context, while also managing Splunk Enterprise Security setup and configurations. The ideal candidate will excel at creating security-focused dashboards, visualizations, and user experiences that enhance our threat detection, incident response, and security monitoring capabilities. You will serve as the bridge between our security teams and the Splunk platform, ensuring that security analysts have the tools and views needed to effectively identify and respond to security threats. Experience with our Kubernetes-based Splunk deployment in EKS is essential for success in this role.

Responsibilities

  • Design and develop Splunk dashboards, reports, and visualizations that transform complex security data into actionable insights
  • Configure and maintain Splunk Web interfaces, ensuring optimal performance, usability, and security
  • Implement and customize Splunk apps from Splunkbase to extend platform capabilities, particularly security-focused apps
  • Develop and maintain Splunk knowledge objects (saved searches, lookups, field extractions) for security use cases
  • Create custom Simple XML and JavaScript for advanced dashboard functionality while adhering to security best practices
  • Manage and optimize Splunk Enterprise Security (ES) configurations, including correlation searches, notable events, and risk scoring
  • Configure and maintain ES content, including security dashboards, glass tables, and ES-specific knowledge objects
  • Implement and fine-tune ES use cases based on organizational security requirements
  • Set up and maintain threat intelligence integrations within Splunk ES
  • Develop and maintain ES correlation searches and adaptive responses
  • Collaborate with security teams to understand reporting requirements and translate them into effective security visualizations
  • Optimize dashboard performance and user experience for security monitoring
  • Provide training and support to security teams on dashboard usage and capabilities
  • Assist with troubleshooting and maintenance of Splunk deployed in an EKS Kubernetes environment
  • Stay current with Splunk updates, security best practices, and new visualization capabilities
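The responsibilities above mention correlation searches, notable events and risk scoring together; the stanza below shows how those pieces fit in a single ES correlation search. It is an added illustration, not configuration from CVP or from this posting. The app path, rule name, thresholds and risk scores are made up, and the `action.risk.param._risk` JSON form is the ES 7.x convention (older ES releases used the separate `_risk_object`, `_risk_object_type` and `_risk_score` keys), so check the key names against the ES version actually deployed before reusing it.

```ini
# Hypothetical stanza in $SPLUNK_HOME/etc/apps/DA-ESS-CustomContent/local/savedsearches.conf
# (app name and rule name are assumptions for this example).
[Access - Excessive Failed Logins - Rule]
# Run against the accelerated Authentication data model rather than raw events;
# summariesonly=true keeps the scheduled search cheap, at the cost of ignoring
# data that has not been accelerated yet.
search = | tstats summariesonly=true count from datamodel=Authentication.Authentication \
      where Authentication.action=failure \
      by Authentication.src, Authentication.user, _time span=10m \
  | rename Authentication.* as * \
  | where count > 20
# Schedule: every 10 minutes, with a 10-minute lag so acceleration has caught up.
cron_schedule = */10 * * * *
dispatch.earliest_time = -70m@m
dispatch.latest_time = -10m@m
enableSched = 1
# Register as an ES correlation search and tag it for ATT&CK reporting.
action.correlationsearch.enabled = 1
action.correlationsearch.label = Access - Excessive Failed Logins
action.correlationsearch.annotations = {"mitre_attack": ["T1110"]}
# Notable event: what analysts see in Incident Review.
action.notable = 1
action.notable.param.rule_title = Excessive failed logins from $src$ against $user$
action.notable.param.rule_description = $count$ failed authentication attempts in 10 minutes
action.notable.param.security_domain = access
action.notable.param.severity = medium
# Risk modifier: add score to both the targeted user and the source system so
# risk-based alerting can aggregate this with other low-severity signals.
action.risk = 1
action.risk.param._risk = [{"risk_object_field":"user","risk_object_type":"user","risk_score":40},{"risk_object_field":"src","risk_object_type":"system","risk_score":40}]
action.risk.param._risk_message = $count$ failed logins from $src$ for $user$
# Throttle: one notable per src/user pair per day instead of one every 10 minutes.
alert.suppress = 1
alert.suppress.fields = src,user
alert.suppress.period = 86400s
```

The throttling block is the part most often forgotten: without it a single noisy host produces a new notable on every run, which is exactly the kind of alert fatigue the dashboard and tuning work in this role is meant to prevent.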

Qualifications

  • 3+ years of experience with Splunk administration, with specific focus on front-end components
  • Strong understanding of Splunk's dashboard framework (Simple XML, Dashboard Studio)
  • Experience configuring and managing Splunk Enterprise Security (ES)
  • Proficiency in the Search Processing Language (SPL) for creating advanced security queries
  • Experience with JavaScript, HTML, and CSS for dashboard customization
  • Strong security background with understanding of common security frameworks (MITRE ATT&CK, NIST, etc.)
  • Experience developing security-focused visualizations and dashboards
  • Knowledge of Kubernetes concepts and operations, particularly in AWS EKS environments
  • Experience with containerized Splunk deployments
  • Familiarity with Kubernetes resource management and troubleshooting
  • Knowledge of security log types, formats, and analysis techniques
  • Familiarity with common security tools and technologies integrated with Splunk
  • Knowledge of Splunk data models and accelerations for security reporting optimization
  • Strong troubleshooting and problem-solving skills
  • Excellent communication skills for translating technical security concepts to non-technical users

Preferred Qualifications

  • Splunk certifications (Splunk Core Certified User, Power User, or Advanced Power User)
  • Splunk Enterprise Security certification or hands-on experience
  • AWS certifications or strong AWS experience
  • Kubernetes certifications (CKA, CKAD)
  • Experience with Helm charts and Kubernetes operators
  • In-depth knowledge of Splunk ES architecture and components
  • Experience with ES content management and customization
  • Knowledge of SIEM principles and security operations workflows
  • Experience with threat hunting and security analytics
  • Background in SOC operations or security incident response
  • Understanding of compliance frameworks (PCI DSS, HIPAA, etc.)
  • Experience with security automation and orchestration in Splunk
  • Knowledge of threat intelligence integration with Splunk
  • Experience with REST API integration for dashboard enhancements
  • Background in data visualization principles and techniques
  • Understanding of data analytics and business intelligence concepts

About CVP

CVP is an award-winning healthcare and next-gen technology and consulting services firm solving critical problems for healthcare, national security, and public sector clients. We help organizations achieve lasting transformation.

CVP is an Equal Opportunity Employer dedicated to actively recruiting individuals and providing advancement opportunities based on merit and legitimate job qualifications. We ensure that all associates receive equal opportunities based on their personal qualifications and job requirements. CVP strictly prohibits any form of discrimination or harassment.

At CVP, we cultivate a work environment that encourages fairness, teamwork, and respect among all associates. We are committed to maintaining a workplace where everyone can grow both personally and professionally.
