Support Engineer - Geylang
Geylang Temporary
We are looking for a Support Engineer. The proposed Splunk Engineer shall have the following qualifications:
- At least 3 years’ experience working on Splunk systems.
- Possess Splunk Enterprise Certified Admin certification or equivalent.
- The Splunk Engineer shall perform critical high-risk works during maintenance windows specified by the Client, which may be off-office hours or during weekends.
- The Splunk Engineer shall be responsible for all corrective and preventive maintenance of the Splunk systems in all environments.
- The Splunk Engineer shall remediate all vulnerabilities or penetration test findings pertaining to the Splunk systems.
- The Splunk Engineer can raise tickets to Splunk principal for support and queries.
- Perform checks and troubleshoot, if necessary, to ensure the Client’s Splunk services are running as intended for all environments.
- Maintain and monitor Splunk infrastructure (Search Heads, Indexers, Forwarders, Deployment Server, Cluster Master, etc.).
- Ensure uptime and system health via monitoring, tuning, and log analysis (including introspection, metrics logs).
- Manage indexing performance and storage usage: data retention, index lifecycle, bucket management.
- Generate and check reports from the system to ensure the system and agents are working as intended.
- Perform checks and troubleshoot, if necessary, to ensure that the Splunk forwarders (agents) are working and can pipe logs back to Splunk systems.
- Perform checks and troubleshoot, if necessary, to ensure the Splunk systems can receive logs from sources such as CloudWatch or syslog servers.
- Integrate Splunk with the Client’s systems and processes to perform real-time monitoring and alert when Splunk infrastructure is not working well, so that issues can be attended to early (e.g., log breaks, disconnected agents, search head hung from insufficient resources).
- Fine-tune Splunk rules according to the Client’s request.
- Perform parser validation or write new custom parsers according to the Client’s request.
- Work closely with the Client’s SOC to ensure Splunk supports threat detection, auditing, and incident response use cases.
- Change the passwords for all privileged and service accounts for the Splunk systems regularly.
- Ensure the Splunk systems are working as intended during the Client’s periodic BCP and DR exercises.
- Investigate problems and provide assistance to triage issues.
- Correct defects in the System, including temporary corrections or workarounds until permanent fixes or updates are available.
- Prepare incident reports, including the root cause analysis and necessary resolution.
- Track and report issues, support cases and incident resolutions on a weekly basis.
- Monitor security advisories, new releases, notifications and maintenance expiry dates for all software used in the System and assess the impact, if any.
- Recommend to the Client the best course of action to take and provide all relevant documentation.
- If the issue arises from a security vulnerability or software incompatibility, the RE shall evaluate and implement fixes to address the vulnerability or incompatibility.
- Check and remediate findings from the Client’s periodic vulnerability and compliance scans.
- Track and update the Client on the DLP End of Life (EOL) and End of Support (EOS) and plans to maintain product supportability.
- Deploy and test system changes in the non-Production environments when required.
- Demonstrate that System functionality and performance are not degraded.
- Implement the system changes into the Production environment upon the Client’s acceptance of the testing results.
- Implement additional use cases, design and develop reports, and tune to reduce false positives and negatives.
- Create or provide the Client with all System related documentation, including standards and procedures, operation manuals, workflows, processes, etc.
- Update the relevant documentation when changes are made to the System or processes.