Administer and maintain Splunk Enterprise infrastructure (indexers, search heads, forwarders, deployment server, cluster management).
Perform performance tuning, system optimization, scaling, and capacity planning for OT workloads.
Install and configure Splunk Universal Forwarders across Windows, Linux, and applicable OT systems.
Manage Splunk apps, add-ons, data models, and knowledge objects.
Onboard and manage OT-related data sources including firewalls, switches/routers, SCADA-adjacent systems, VPN concentrators, RSA SecureID, Tripwire Enterprise, endpoint security platforms, and network monitoring tools.
Validate NERC CIP log retention and integrity requirements.
Develop dashboards, correlation searches, alerts, and compliance reports.
Create OT-specific detection use cases in collaboration with OT Network Security Analysts.
Troubleshoot ingestion failures, missing logs, and detection gaps.
Conduct root-cause analysis impacting OT security visibility.
Support incident response efforts through advanced Splunk queries, timelines, and forensic data exports.
Support internal and external audits through documentation, dashboards, and evidence extraction.
Ensure platform configurations align with NERC CIP standards (CIP-007, CIP-010, CIP-003 monitoring controls).
Maintain logging architecture documentation and operational procedures aligned with compliance governance standards.
Integrate Splunk with ServiceNow for automated alerting and ticketing workflows.
Collaborate with Firewall Governance, PKI, RSA, and VPN lifecycle stakeholders to enhance logging visibility.
Develop and maintain automation scripts using Python, PowerShell, or Bash.
Maintain operational runbooks, architectural documentation, and work registers.
Provide knowledge transfer and documentation to support long-term operational sustainability.

Requirements

3–5+ years of experience administering Splunk Enterprise (preferably in utility, industrial, or OT environments).
Strong expertise in: Splunk configuration, tuning, and troubleshooting.
Log ingestion pipelines.
Windows and Linux server administration.
Network security principles (firewalls, VPN, segmentation, routing).
Ability to obtain and maintain NERC CIP access requirements.
Bachelor's degree in Cybersecurity, Information Systems, Engineering, or related field (or equivalent experience).
Experience in utility OT environments (substations, telecom, control centers, generation facilities, pipelines).
Familiarity with Tripwire, RSA SecureID, SCADA systems, firewall governance frameworks, and NERC CIP requirements.
Experience with Splunk ES or Splunk ITSI.
Scripting and automation experience (Python, PowerShell, Bash).
Experience building dashboards, correlation searches, and detection content.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Splunk Enterprise administrationperformance tuningsystem optimizationcapacity planninglog ingestion pipelinesscriptingautomationdashboard developmentcorrelation searchesdetection content

Soft Skills

troubleshootingroot-cause analysisincident responsecollaborationknowledge transferdocumentation

Certifications

NERC CIP access requirements