16192
03-04-2026
Splunk SIEM Administration Support
Mons, Belgium

Duties

Splunk / SIEM Administration

  • Administer and maintain the full Splunk stack:

    • Splunk Enterprise

    • Splunk Enterprise Security (ES)

    • Splunk SOAR

    • Splunk UBA

  • Support a distributed environment:

    • 50 T3 enclaves (high-side/low-side)

    • T2 SIEM (80 Linux servers)

    • 350 Splunk servers total

Automated Deployment & Configuration

  • Maintain Splunk configuration consistency using full automation

  • Use Git and Ansible to manage deployments and changes

  • Minimize or eliminate manual intervention

Log Collection & Data Management

  • Manage log collection from 20,000 endpoints / appliances / cloud sources

  • Ensure the full log lifecycle:

    • ingestion, parsing, normalization

    • storage and retention

    • categorization and enrichment

    • monitoring of data flows and data quality

  • Support onboarding of new log sources (projects, customer requests)

Reliability & Service Quality

  • Ensure Splunk ES and correlation rules are properly configured and operational

  • Monitor platform health and uptime

  • Improve quality while minimizing downtime

Coordination & Support

  • Act as technical point of contact for log source onboarding

  • Coordinate with log source owners and stakeholders

  • Work in a co-managed environment where Linux OS is managed by another entity (but Splunk team still needs privileged actions like syslog/SELinux)

Documentation & Processes

  • Maintain and improve runbooks, operational processes, troubleshooting guides

  • Keep architecture and deployment documentation up to date

  • Follow internal workflows (Change Requests, admin tasks, ITSM/COMS tickets)

User Access Management

  • Manage Splunk users, roles, and RBAC permissions

  • Support users with access/authentication and platform issues
Requirements

Proposal Content

  • An approach document of at most 10 pages (A4)

  • Must demonstrate understanding of:

    • managing 350 Splunk nodes using Git/Ansible

    • T2/T3 architecture and data flow (data stored at T2)

    • Splunk admin role vs security analyst role (must be clearly Splunk admin)

    • Splunk on Linux in a co-managed OS environment (SELinux/syslog/privileged access)

    • stakeholder coordination and onboarding support for log source owners

  • Include:

    • relevant similar experience

    • CV(s) of assigned personnel

    • the bidder proposes the team size (max 2 personnel onsite)

Mandatory Profile (Skills & Experience)

  • Splunk Administrator experience (minimum 2 years) in complex distributed environments

    • Indexer clustering, search head clustering, multi-site

    • deep Splunk configuration and lifecycle management

    • deployment server management

    • must be Splunk admin (not mainly SOC/security analyst)

  • Linux experience (minimum 2 years)

    • strong CLI and permissions (UID/GID, ACLs)

    • install/configure/troubleshoot Splunk on Linux

    • focus is application-level (not kernel/hardware)

  • Networking & IT Security fundamentals

    • DNS, HTTP(S), SSH, syslog, TCP/IP, TLS/SSL

    • log integrity, encryption in transit, RBAC

  • Automation & scripting

    • Ansible playbooks

    • Python/Bash scripting

    • Git workflow (branch/commit/merge)

Operational Requirements

  • Onsite at SHAPE, Mons, Belgium

  • Business hours coverage:

    • Mon–Thu 08:30–17:30

    • Fri 08:30–15:30

  • NATO SECRET security clearance required

  • Must work via ITSM/COMS ticketing

  • Reporting:

    • Monthly report (by the 5th)

    • Quarterly report (by the 15th)
