Splunk Security Engineer

Carmel, IN
Full Time
Experienced

At Zotec Partners, our People make it happen.

Transforming the healthcare industry isn't easy. But when you build a team like the one we have, that goal can become a reality. Our accomplishments can't happen without our extraordinary people – the men and women across the country who make up our diverse Zotec family and help make this company a best place to work.

Over 25 years ago, we started Zotec with a clear vision: to partner with physicians to simplify the business of healthcare. Today we are more than 900 employees strong, and we continue to use our incredible talent and energy to bring that vision to life. We are a team of Innovators, Collaborators and Doers.

We're seeking a Splunk Security Engineer to join us.

This is a hands-on technical role where you'll serve as Zotec's Splunk Subject Matter Expert. You'll maintain our Splunk infrastructure (Enterprise, ES, ITSI, and Cloud) while enabling teams across the organization to leverage Splunk effectively.

What you'll do:

Platform Administration (Primary Focus)

  • Manage Splunk Enterprise clusters, deployment servers, and forwarders
  • Troubleshoot platform issues: performance, parsing failures, forwarder connectivity
  • Configure data inputs and optimize license usage
  • Plan and execute upgrades and maintain system health
  • Create and maintain props.conf, transforms.conf, and other configurations

Technical Leadership & Training

  • Serve as the company-wide Splunk SME and technical advisor
  • Train users across Security, IT Operations, and Application teams
  • Develop training materials and best practices documentation
  • Provide guidance on dashboard creation and search optimization
  • Build self-service capabilities for non-security teams

Security Operations Support

  • Implement detection rules created by Security Detection Engineers in Splunk ES
  • Build and optimize security dashboards for SOC use
  • Ensure data models maintain CIM compliance
  • Provide tier 3 Splunk support during incidents
  • Tune search performance while maintaining detection accuracy

Data Management

  • Onboard new data sources using forwarders, HEC, and technical add-ons
  • Develop parsing rules for custom log formats
  • Troubleshoot ingestion issues and data quality problems
  • Work with development teams on logging standards

What you'll bring to Zotec:

Must Have:

  • 3+ years of hands-on Splunk administration experience (not just user experience)
  • Proven expertise with distributed Splunk architectures
  • Strong SPL and regex skills for complex queries and parsing
  • Experience with Splunk ES or ITSI administration
  • Linux/Unix command line proficiency
  • Ability to explain technical concepts to diverse audiences

Preferred:

  • Splunk certifications (Admin, Architect, ES Admin)
  • Python or PowerShell scripting experience
  • Splunk Cloud experience
  • Experience training technical and non-technical users

Key Indicators of Fit:

  • You've managed indexer and search head clusters
  • You understand Splunk configuration file precedence
  • You can optimize searches that are impacting performance
  • You enjoy teaching others and sharing knowledge
  • You're comfortable with on-call rotation for critical issues

At Zotec, you will enjoy a network of highly experienced professionals in an environment where you can operate with autonomy yet have the resources and backing of other professionals in a similar role. Entrepreneurial and enterprising is the spirit of our team. If you are an original thinker and opportunity seeker, we'd like to talk to you!

Learn more about our organization by visiting us at www.zotecpartners.com

E-Verify and Equal Opportunity Employer
