Required
Current Splunk Enterprise Certified Admin certification
At least five (5) years of experience with Splunk in distributed deployments and at least one (1) year of experience with Splunk Cloud environments
Experience with Splunk Enterprise Security
Excellent written and oral skills, ability to work closely with multiple customers, manage expectations and track engagement scope
Experience with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms
Proficient at search time activities including parsing and normalizing events to the Splunk Common Information Model (CIM)
Proficiency in utilizing data on boarded by Splunk-developed add-ons (e.g. Windows, Linux, and common third-party devices and applications)
Proficient in regular expressions
Must be able to effectively collaborate and work with others in a remote work environment

Preferred
Current Splunk Enterprise Security Certified Admin certification
Knowledge of JIRA and Confluence