Save Job
Posted 6d ago

Track Manager - Splunk, Bash (Scripting Language), Python (133772)

@ HCLTech
Noida, Uttar Pradesh, India
OnsiteFull Time
Responsibilities:designing platform, operating platform, optimizing performance
Requirements Summary:5+ years in IT operations/observability/security analytics, 3+ years Splunk Enterprise, 2+ years Cribl, Splunk certifications required, hands-on Linux, networking, cloud, scripting and CI/CD experience.
Technical Tools Mentioned:Splunk, Cribl, Kafka, Linux, Ansible, Python, Infrastructure as Code (IaC), CI/CD
Save
Mark Applied
Hide Job
Report & Hide
Job Description
Requisition ID 133772 - Posted 


Job Summary

Role Overview The role is responsible for designing, building, and continuously enhancing a scalable observability and security analytics platform based on Splunk and Cribl. The platform supports IT operations, security monitoring (SOC/Enterprise Security), and compliance use cases, ensuring high data quality, performance, availability, and cost efficiency across onpremises and cloud environments. Key Responsibilities Platform Architecture & Engineering Design, implement, and maintain Splunk architectures including Search Head Clusters, Indexer Clusters, Forwarder Infrastructure (incl. Heavy Forwarders), SmartStore, and Deployment Servers. Design and operate Cribl architectures including Stream, Edge, Pipelines, and Routes. Ensure scalable, highly available, and secure platform operations across onprem and cloud deployments. Data Ingestion & Management Plan and implement data ingestion pipelines using syslog, HTTP, Kafka, cloud-native logs, and APIs. Define and implement parsing, enrichment, and normalization standards (e.g., Splunk CIM). Ensure high data quality, reliability, continuous dataflow and usability for analytics and detection use cases. Integrate new log sources including applications, servers, network devices, cloud services, and security platforms. Performance, Scalability & Cost Control Perform performance tuning, capacity planning, and scalability design for highvolume log environments. Define and govern indexing strategies, retention policies, and data lifecycle management. Optimize license usage and operational costs through filtering, routing, and tiering strategies. Use Case & Content Development Develop and maintain IT operations, security (Enterprise Security), and compliance use cases. Design and implement dashboards, KPIs, alerts, and reports. Support security monitoring, threat detection, and incident response activities. Automation & Documentation Automate platform provisioning and configuration using Infrastructure as Code (IaC) and CI/CD pipelines. Create and maintain architecture documentation, operational runbooks, and standards. Collaboration & Communication Collaborate closely with SOC teams, security governance, IT infrastructure, and application teams. Coordinate with external service providers for platform operations and support. Advise internal stakeholders on logging, monitoring, observability, and security analytics requirements. Experience 5–8 years of overall experience in IT operations, monitoring, logging, observability, or security analytics platforms. 3+ years of handson experience designing, operating, and optimizing Splunk Enterprise environments. 2+ years of experience with Cribl (Stream and/or Edge). Experience working with largescale, highvolume log environments across onprem and cloud platforms. Proven collaboration with SOC teams, security analysts, and governance stakeholders. Experience in performance tuning, capacity planning, and cost optimization for logging platforms. Exposure to automation, scripting, and CI/CD in observability or security toolchains. SFIAAligned Skills Qualifications & Skills Mandatory Splunk Certifications: Core Certified Power User and Admin; Enterprise Security Administrator or Architect. Cribl: Stream Administrator/Engineer or equivalent experience. Strong knowledge of log ingestion, parsing, enrichment, and normalization. Understanding of IT security and compliance frameworks (e.g., ISO 27001, GDPR). Strong handson experience with Linux, networking protocols, and cloud platforms. Desirable Experience with automation tools (Ansible, Python). Exposure to DevOps and CI/CD practice\"

Key Responsibilities

Role Overview The role is responsible for designing, building, and continuously enhancing a scalable observability and security analytics platform based on Splunk and Cribl. The platform supports IT operations, security monitoring (SOC/Enterprise Security), and compliance use cases, ensuring high data quality, performance, availability, and cost efficiency across onpremises and cloud environments. Key Responsibilities Platform Architecture & Engineering Design, implement, and maintain Splunk architectures including Search Head Clusters, Indexer Clusters, Forwarder Infrastructure (incl. Heavy Forwarders), SmartStore, and Deployment Servers. Design and operate Cribl architectures including Stream, Edge, Pipelines, and Routes. Ensure scalable, highly available, and secure platform operations across onprem and cloud deployments. Data Ingestion & Management Plan and implement data ingestion pipelines using syslog, HTTP, Kafka, cloud-native logs, and APIs. Define and implement parsing, enrichment, and normalization standards (e.g., Splunk CIM). Ensure high data quality, reliability, continuous dataflow and usability for analytics and detection use cases. Integrate new log sources including applications, servers, network devices, cloud services, and security platforms. Performance, Scalability & Cost Control Perform performance tuning, capacity planning, and scalability design for highvolume log environments. Define and govern indexing strategies, retention policies, and data lifecycle management. Optimize license usage and operational costs through filtering, routing, and tiering strategies. Use Case & Content Development Develop and maintain IT operations, security (Enterprise Security), and compliance use cases. Design and implement dashboards, KPIs, alerts, and reports. Support security monitoring, threat detection, and incident response activities. Automation & Documentation Automate platform provisioning and configuration using Infrastructure as Code (IaC) and CI/CD pipelines. Create and maintain architecture documentation, operational runbooks, and standards. Collaboration & Communication Collaborate closely with SOC teams, security governance, IT infrastructure, and application teams. Coordinate with external service providers for platform operations and support. Advise internal stakeholders on logging, monitoring, observability, and security analytics requirements. Experience 5–8 years of overall experience in IT operations, monitoring, logging, observability, or security analytics platforms. 3+ years of handson experience designing, operating, and optimizing Splunk Enterprise environments. 2+ years of experience with Cribl (Stream and/or Edge). Experience working with largescale, highvolume log environments across onprem and cloud platforms. Proven collaboration with SOC teams, security analysts, and governance stakeholders. Experience in performance tuning, capacity planning, and cost optimization for logging platforms. Exposure to automation, scripting, and CI/CD in observability or security toolchains. SFIAAligned Skills Qualifications & Skills Mandatory Splunk Certifications: Core Certified Power User and Admin; Enterprise Security Administrator or Architect. Cribl: Stream Administrator/Engineer or equivalent experience. Strong knowledge of log ingestion, parsing, enrichment, and normalization. Understanding of IT security and compliance frameworks (e.g., ISO 27001, GDPR). Strong handson experience with Linux, networking protocols, and cloud platforms. Desirable Experience with automation tools (Ansible, Python). Exposure to DevOps and CI/CD practice\"

Skill Requirements

Role Overview The role is responsible for designing, building, and continuously enhancing a scalable observability and security analytics platform based on Splunk and Cribl. The platform supports IT operations, security monitoring (SOC/Enterprise Security), and compliance use cases, ensuring high data quality, performance, availability, and cost efficiency across onpremises and cloud environments. Key Responsibilities Platform Architecture & Engineering Design, implement, and maintain Splunk architectures including Search Head Clusters, Indexer Clusters, Forwarder Infrastructure (incl. Heavy Forwarders), SmartStore, and Deployment Servers. Design and operate Cribl architectures including Stream, Edge, Pipelines, and Routes. Ensure scalable, highly available, and secure platform operations across onprem and cloud deployments. Data Ingestion & Management Plan and implement data ingestion pipelines using syslog, HTTP, Kafka, cloud-native logs, and APIs. Define and implement parsing, enrichment, and normalization standards (e.g., Splunk CIM). Ensure high data quality, reliability, continuous dataflow and usability for analytics and detection use cases. Integrate new log sources including applications, servers, network devices, cloud services, and security platforms. Performance, Scalability & Cost Control Perform performance tuning, capacity planning, and scalability design for highvolume log environments. Define and govern indexing strategies, retention policies, and data lifecycle management. Optimize license usage and operational costs through filtering, routing, and tiering strategies. Use Case & Content Development Develop and maintain IT operations, security (Enterprise Security), and compliance use cases. Design and implement dashboards, KPIs, alerts, and reports. Support security monitoring, threat detection, and incident response activities. Automation & Documentation Automate platform provisioning and configuration using Infrastructure as Code (IaC) and CI/CD pipelines. Create and maintain architecture documentation, operational runbooks, and standards. Collaboration & Communication Collaborate closely with SOC teams, security governance, IT infrastructure, and application teams. Coordinate with external service providers for platform operations and support. Advise internal stakeholders on logging, monitoring, observability, and security analytics requirements. Experience 5–8 years of overall experience in IT operations, monitoring, logging, observability, or security analytics platforms. 3+ years of handson experience designing, operating, and optimizing Splunk Enterprise environments. 2+ years of experience with Cribl (Stream and/or Edge). Experience working with largescale, highvolume log environments across onprem and cloud platforms. Proven collaboration with SOC teams, security analysts, and governance stakeholders. Experience in performance tuning, capacity planning, and cost optimization for logging platforms. Exposure to automation, scripting, and CI/CD in observability or security toolchains. SFIAAligned Skills Qualifications & Skills Mandatory Splunk Certifications: Core Certified Power User and Admin; Enterprise Security Administrator or Architect. Cribl: Stream Administrator/Engineer or equivalent experience. Strong knowledge of log ingestion, parsing, enrichment, and normalization. Understanding of IT security and compliance frameworks (e.g., ISO 27001, GDPR). Strong handson experience with Linux, networking protocols, and cloud platforms. Desirable Experience with automation tools (Ansible, Python). Exposure to DevOps and CI/CD practice\"

Other Requirements

Role Overview The role is responsible for designing, building, and continuously enhancing a scalable observability and security analytics platform based on Splunk and Cribl. The platform supports IT operations, security monitoring (SOC/Enterprise Security), and compliance use cases, ensuring high data quality, performance, availability, and cost efficiency across onpremises and cloud environments. Key Responsibilities Platform Architecture & Engineering Design, implement, and maintain Splunk architectures including Search Head Clusters, Indexer Clusters, Forwarder Infrastructure (incl. Heavy Forwarders), SmartStore, and Deployment Servers. Design and operate Cribl architectures including Stream, Edge, Pipelines, and Routes. Ensure scalable, highly available, and secure platform operations across onprem and cloud deployments. Data Ingestion & Management Plan and implement data ingestion pipelines using syslog, HTTP, Kafka, cloud-native logs, and APIs. Define and implement parsing, enrichment, and normalization standards (e.g., Splunk CIM). Ensure high data quality, reliability, continuous dataflow and usability for analytics and detection use cases. Integrate new log sources including applications, servers, network devices, cloud services, and security platforms. Performance, Scalability & Cost Control Perform performance tuning, capacity planning, and scalability design for highvolume log environments. Define and govern indexing strategies, retention policies, and data lifecycle management. Optimize license usage and operational costs through filtering, routing, and tiering strategies. Use Case & Content Development Develop and maintain IT operations, security (Enterprise Security), and compliance use cases. Design and implement dashboards, KPIs, alerts, and reports. Support security monitoring, threat detection, and incident response activities. Automation & Documentation Automate platform provisioning and configuration using Infrastructure as Code (IaC) and CI/CD pipelines. Create and maintain architecture documentation, operational runbooks, and standards. Collaboration & Communication Collaborate closely with SOC teams, security governance, IT infrastructure, and application teams. Coordinate with external service providers for platform operations and support. Advise internal stakeholders on logging, monitoring, observability, and security analytics requirements. Experience 5–8 years of overall experience in IT operations, monitoring, logging, observability, or security analytics platforms. 3+ years of handson experience designing, operating, and optimizing Splunk Enterprise environments. 2+ years of experience with Cribl (Stream and/or Edge). Experience working with largescale, highvolume log environments across onprem and cloud platforms. Proven collaboration with SOC teams, security analysts, and governance stakeholders. Experience in performance tuning, capacity planning, and cost optimization for logging platforms. Exposure to automation, scripting, and CI/CD in observability or security toolchains. SFIAAligned Skills Qualifications & Skills Mandatory Splunk Certifications: Core Certified Power User and Admin; Enterprise Security Administrator or Architect. Cribl: Stream Administrator/Engineer or equivalent experience. Strong knowledge of log ingestion, parsing, enrichment, and normalization. Understanding of IT security and compliance frameworks (e.g., ISO 27001, GDPR). Strong handson experience with Linux, networking protocols, and cloud platforms. Desirable Experience with automation tools (Ansible, Python). Exposure to DevOps and CI/CD practice\"