Bulbb Digital is an IT & Software Development Company based in Athens. We are working together with various clients in different industries and are currently looking for a Senior Splunk Engineer to join our team.
We are seeking an experienced Senior Splunk Engineer to take over and operate the on-premise Splunk SIEM platform of Customer. As part of the transition from Infosys, you will be responsible for stabilizing and continuously improving an existing enterprise-scale SIEM environment.

You will own all Splunk operations across Plan & Build, 24/7 Operations, Release & Patch Management, CIM-based Log Onboarding, Parser development, Hardening, Configuration Management, and Incident/Problem/Change processes.

The current platform landscape includes:
- 50+ Cribl Workers
- 10+ Splunk Forwarders / Heavy Forwarders
- Indexers
- Management Components
- Search Heads & GINX Load Balancer
Responsibilities
- Perform CIM-compliant log onboarding, parser creation, and documentation.
- Conduct onboarding due diligence and demand analysis.
- Create Firewall/VPN/Routing change requests and validate changes.
- Manage ingestion pipelines via Cribl, Syslog-ng (TLS), Splunk UF/HF, and SCP.
- Deploy and scale Splunk components using Terraform and Ansible.
- Build trend and capacity analyses.
- Operations (24/7 enterprise-grade operations)
  - Ensure full Splunk platform operation, monitoring, performance, and EPS/log flow.
  - Handle Incidents, Service Requests, Changes, and Problems under
  - Lead Major Incident Management (P1/P2) with 24/7 on-call rotation.
  - Build and operate Health Check dashboards and QA reports.
- Configuration & Release Management
  - Implement approved changes across Splunk components.
  - Perform daily configuration backups (KV stores, Apps, Configs).
  - Maintain automation libraries (Terraform, Ansible, scripts).
  - Manage Splunk patching and releases (maintain N-1 level).
  - Support up to 12 minor + 1 major releases per year.
- Security, Hardening & Compliance
  - System hardening and vulnerability remediation.
  - Operate via secure access methods (Jump hosts, SuSSHi, 2FA).
  - Conduct vulnerability scans and support SOC threat analysis.
  - Automate SOP-based operational workflows.
  - Take over existing Splunk operations.
  - Validate and enhance current configurations, parsers, and deployments.
  - Ensure stability during transition and hypercare.