Splunk Consultant: Analytics and Security
Enjoy working with data, logs, and Splunk? Help build the data pipelines and analytics that support mnemonic’s security services.
We are seeking a Splunk Consultant for our MDR Professional Services department in Oslo.
The role combines work on the Splunk platform, development of SPL searches and dashboards, as well as work related to data ingestion and data pipelines.
Your responsibilities will include
Managing and developing Splunk Enterprise and Splunk Cloud
Developing dashboards, reports and visualisations
Building and maintaining SPL searches, saved searches, alerts and other Splunk content
Integrating new data sources and data pipelines
Optimising data ingestion, parsing and structuring of log data
Collaborating with analysts and technical teams to develop new use cases
An important part of the role will be contributing to the data foundation and Splunk content used in our Managed Detection and Response (MDR) services. At the same time, you will also work with other use cases where Splunk is used for analytics, business processes and operational insight for and with our customers.
Many of the environments we work in have a hybrid architecture where multiple logging and analytics platforms are used in parallel. Customers may use different SIEM, observability and logging platforms such as Splunk, Microsoft Sentinel or similar services in AWS and GCP, each serving different purposes. As a result, the role also involves working with integrations, data pipelines and data flows between these platforms:
Splunk Enterprise, Splunk Cloud and Microsoft Sentinel
Log collection from infrastructure, applications and security products
Splunk Universal Forwarder, Heavy Forwarder and Splunk Edge Processor
Data pipelines and log processing using tools such as Cribl
Filtering, transformation and enrichment of log data before indexing
Integration with cloud logging services such as Azure Analytics, AWS CloudTrail and CloudWatch
Working with security logs from cloud platforms and SaaS services
Integrations and data exchange with other analytics and security platforms such as Microsoft Sentinel, Google Chronicle and Amazon Security Lake
API-based integrations and data collection from external systems
Structuring, normalisation and optimisation of log data for analysis
Working with indexing, data models and searchability in Splunk
Who we are looking for
Our ideal candidate is someone who:
Has a minimum of a few years of experience with Splunk, Microsoft Sentinel or similar analytics platforms
Has experience working with log data, data ingestion or data platforms
Has experience building dashboards, SPL searches or reports
Is comfortable with technical troubleshooting and problem solving
Is interested in how data can be used for analytics, operations or security
It is an advantage if you also have experience with:
Cribl or other data pipeline tools
Cloud platforms such as AWS, Azure or GCP
Linux
Python or other scripting languages
Certifications in Splunk or cloud platforms are not required, but relevant experience and an interest in continuing to develop your skills are important.
What we can offer
An informal and pleasant working environment, with good opportunities for personal development and varied tasks
A unique and experienced environment, with more than 300 security specialists who work daily on some of the most challenging and exciting professional issues within information security
Competitive salary, share program, and bonus scheme, providing a basis for a long-term employment relationship, including pension and insurance schemes
A safe working environment with a focus on social gatherings and events. We actively encourage an inclusive working life with a good balance between work and private life, adapted for families
Pleasant offices at Solli Plass in Oslo, and good opportunities to work from home
A workplace that time and again has been named one of the best in Norway and Europe
- Department: MDR Business and Customer Development
- Locations: Oslo
- Remote status: Hybrid
- Position type: Full time
About mnemonic
mnemonic responds to the region’s most serious cyberattacks. We work side by side with Europe’s most important organisations and critical infrastructure to protect them from the cyberattacks they see today, and what they can expect to see tomorrow.
At more than 400 employees, we are amongst the largest cybersecurity companies in Europe, and continue to grow rapidly in Norway and internationally. In addition, we are continually ranked by Great Place to Work as one of Norway’s and Europe’s top workplaces.