Stellar Consulting Solutions, LLC
Senior System Engineer
Stellar Consulting Solutions, LLC, San Jose, California, United States, 95199
Base pay range
$60.00/hr - $65.00/hr
Location :: San Jose-South
Contract -W2 Type
Job Description
The most important duties are Operate and harden a multi-site Splunk Enterprise environment (indexer clustering, SHC, deployer/deployment server, RBAC, app lifecycle). Monitor and tune ingestion, search, and storage (RF/SF validation; bucket health; NFS tuning; queue depths). Lead data onboarding projects across on-prem, SaaS, cloud (Azure/AWS), K8s; ensure auditability and data-handling policy compliance. Build/optimize SPL, dashboards, alerts; coach consumers on SPL and performance patterns (tstats, accelerations, base/inline searches). Maintain DR posture and execute/verify failovers. What this job needs to be successful is (traits and characteristics) 3–5+ years administering Splunk Enterprise at multi-TB/day scale, including indexer clustering and SHC in multi-site deployments. Expert SPL and performance tuning (tstats, data models/accelerations, search optimization). Deep data-onboarding skills (forwarders/syslog/HEC) and props.conf/transforms.conf mastery (timestamps, line-breaking, field extraction, value normalization). Experience with NFS-backed indexers (operational tuning/gotchas). Clear communicator with a customer-enablement mindset; documents well; bias for automation. Nice-to-have: Splunk Architect cert; experience with ES, ITSI, MLTK, and SOAR; familiarity with data-science/ML concepts (to partner with teams, not to lead research). The simplest and easiest way to see that this job is done well is… Cluster health green: RF/SF consistently met; successful failover tests. Low ingest error rate and low data latency to index; stable license utilization. Search KPIs: median and P95 search times within agreed SLOs; reduced scheduler/skipped search rates. Clean data: correct timestamps, low unknown source types, stable field extraction accuracy. User outcomes: growing self-service usage, actionable dashboards/alerts, and satisfied internal customers (shorter MTTR for incidents). No audit/compliance exceptions related to Splunk data handling or access controls. Seniority level Mid-Senior level Employment type Contract Job function Administrative and Information Technology Industries IT Services and IT Consulting and Administrative and Support Services
#J-18808-Ljbffr
The most important duties are Operate and harden a multi-site Splunk Enterprise environment (indexer clustering, SHC, deployer/deployment server, RBAC, app lifecycle). Monitor and tune ingestion, search, and storage (RF/SF validation; bucket health; NFS tuning; queue depths). Lead data onboarding projects across on-prem, SaaS, cloud (Azure/AWS), K8s; ensure auditability and data-handling policy compliance. Build/optimize SPL, dashboards, alerts; coach consumers on SPL and performance patterns (tstats, accelerations, base/inline searches). Maintain DR posture and execute/verify failovers. What this job needs to be successful is (traits and characteristics) 3–5+ years administering Splunk Enterprise at multi-TB/day scale, including indexer clustering and SHC in multi-site deployments. Expert SPL and performance tuning (tstats, data models/accelerations, search optimization). Deep data-onboarding skills (forwarders/syslog/HEC) and props.conf/transforms.conf mastery (timestamps, line-breaking, field extraction, value normalization). Experience with NFS-backed indexers (operational tuning/gotchas). Clear communicator with a customer-enablement mindset; documents well; bias for automation. Nice-to-have: Splunk Architect cert; experience with ES, ITSI, MLTK, and SOAR; familiarity with data-science/ML concepts (to partner with teams, not to lead research). The simplest and easiest way to see that this job is done well is… Cluster health green: RF/SF consistently met; successful failover tests. Low ingest error rate and low data latency to index; stable license utilization. Search KPIs: median and P95 search times within agreed SLOs; reduced scheduler/skipped search rates. Clean data: correct timestamps, low unknown source types, stable field extraction accuracy. User outcomes: growing self-service usage, actionable dashboards/alerts, and satisfied internal customers (shorter MTTR for incidents). No audit/compliance exceptions related to Splunk data handling or access controls. Seniority level Mid-Senior level Employment type Contract Job function Administrative and Information Technology Industries IT Services and IT Consulting and Administrative and Support Services
#J-18808-Ljbffr