What are the responsibilities and job description for the Administrator position at HCLTech?
Title - Splunk Administrator
Location - Alpharetta, GA; Charlotte, NC; Chicago, IL; Conshohocken, PA; Denver, CO; Fargo, ND; Garden City, NY; Houston, TX; Lubbock, TX; Morristown, NJ; Mt Juliet, TN; New York, NY; Purchase, NY; Topeka, KS (onsite)
The Splunk Administrator is responsible for supporting and maintaining Sompo’s Splunk Cloud environment and associated log ingestion components. This role ensures reliable data collection across diverse sources, monitors platform health and capacity, and performs ongoing administration, updates, and configuration to support security operations and analytics.
· Monitor log ingestion volumes and platform health using custom searches and Splunkbase tools.
· Ensure reliable log delivery and troubleshoot ingestion interruptions across supported sources.
· Administer intermediate log collection components, including Logstash, syslog, Heavy Forwarders, and related services.
· Manage Splunk application configurations on Universal Forwarders using the Splunk Deployment Server.
· Perform Universal Forwarder upgrades and maintenance to address security, stability, and version requirements.
· Manage and update Splunk applications within the Splunk Cloud environment.
· Collaborate with security and infrastructure teams to support onboarding of new log sources.
· Document configurations, procedures, and troubleshooting steps for operational use.
Hands-on experience administering:
· 3–5 years of hands‑on experience administering Splunk in an enterprise environment.
· Splunk Cloud and on-prem Splunk infrastructure, including Heavy Forwarders, Deployment Server, and Universal Forwarders.
· HTTP Event Collector (HEC).
· Common Splunk Technology Add-ons (TAs), including Azure, Okta, and other cloud services.
· Splunk data models and data normalization practices.
· Splunk features such as alert actions, SAML-based authentication, KV store, and lookups.
· Splunk role-based access controls and permission models.
· Data management features including DDAS and reindexing processes.
Familiarity with:
· Azure Event Hubs, Kafka, Log Analytics Workspaces, and cloud-based logging pipelines.
· Windows Event Collection (WEC) and Windows Event Forwarding (WEF).
Compensation and Benefits
A candidate’s pay within the range will depend on their skills, experience, education, and other factors permitted by law. This role may also be eligible for performance-based bonuses subject to company policies. In addition, this role is eligible for the following benefits subject to company policies: medical, dental, vision, pharmacy, life, accidental death & dismemberment, and disability insurance; employee assistance program; 401(k) retirement plan; 10 days of paid time off per year (some positions are eligible for need-based leave with no designated number of leave days per year); and 10 paid holidays per year.
Disclaimer
HCL is an equal opportunity employer, committed to providing equal employment opportunities to all applicants and employees regardless of race, religion, sex, color, age, national origin, pregnancy, sexual orientation, physical disability or genetic information, military or veteran status, or any other protected classification, in accordance with federal, state, and/or local law. Should any applicant have concerns about discrimination in the hiring process, they should provide a detailed report of those concerns to secure@hcltech.com for investigation.
Salary : $76,000 - $135,000