Splunk Engineer

EPAM is seeking an experienced Splunk Engineer to build, optimize and maintain our Splunk Enterprise environment. The ideal candidate has deep expertise in Splunk architecture, Linux engineering, data ingestion pipelines, security controls and automation. You will play a critical role in shaping our logging and analytics capabilities, ensuring performance, scalability and resilience across the platform. The role requires working from our Eindhoven office 2 days a week., * Build and deploy the end-to-end technical architecture of the Splunk platform, including search heads, indexers, ingestion tiers and supporting components

• Build Splunk deployments based on Splunk Validated Architectures (SVA) ensuring resilience and scalability
• Optimize and harden Linux-based Splunk infrastructure, including Workload management and resource limits, OS hardening and kernel tuning, THP/SWAP settings and Filesystem layout and storage performance best practices
• Establish and maintain ingestion pipelines using: Universal Forwarders/Heavy Forwarders, HEC endpoints, Syslog pipelines (SC4S, syslog NG, rsyslog), API-based collectors and Database inputs
• Develop parsing and normalization models aligned with the CIM framework, including high performing accelerated data models
• Design and optimize alerts, dashboards and health monitoring on Splunk
• Integrate Splunk deployment workflows into CI/CD pipelines, enabling GitOps-based operations and automated configuration management

Do you have experience in Splunk?, * 5+ years hands-on Splunk Enterprise experience in administration, architecture or platform build roles

• Proven delivery of greenfield builds or major re-platform projects
• Strong proficiency with SPL and advanced search optimization, Props/transforms, field extractions and parsing logic, CIM, data model acceleration and search performance tuning
• Solid Linux (RHEL) administration skills including networking, storage, filesystems, system tuning and hardening
• Experience with automation and at least one scripting: Bash, Python, Ansible (or similar tools), Git-based workflows and packaging Splunk apps/add-ons

Nice to have

• Proven experience with multiple SIEM solutions
• Hands-on experience with SIEM migration projects, including planning, execution and troubleshooting
• SIEM-specific certifications such as Splunk Certified Architect, IBM QRadar Certification or ArcSight Certified Security Analyst
• Security certifications such as CISSP, CEH, CompTIA CASP+ or GIAC are an advantage

• 26 paid holiday days
• Pension plan scheme
• Disability insurance (WGA Shortfall insurance)
• Long-term disability insurance (WIA Top up insurance)
• EPAM Employee Stock Purchase Plan (ESPP)
• Commuting to work - costs reimbursement
• Laptop + corporate simcard + corporate mobile device (subject to certain eligibility requirements)
• Bike lease
• Employee Assistance Program
• Corporate Programs including Employee Referral Program with rewards
• Learning and development opportunities including in-house training and coaching, professional certifications, over 22,000 courses on LinkedIn Learning Solutions and much more

• All benefits and perks are subject to certain eligibility requirements