Second Level Support Splunk Architect

  • Contract
  • Anywhere

Second Level Support Splunk (Financial Sector)

General Information

  • Position: Second Level Support Engineer (Splunk)
  • Industry: Financial services (banking, insurance, asset management)
  • Employment type: External consulting / service contract
  • Working model: Remote
  • Languages: English (C1), German (professional level B2)

Role Description

The position is part of IT operations and is responsible for handling Splunk-related incidents, service requests, and problems at the second-level support stage.

The focus is on:

  • Stable system operations
  • Regulatory compliance
  • Close collaboration with first-level support, development (third-level support), and Splunk Professional Services

Tasks and Responsibilities

Technical Operations and Support

  • Independently handle and resolve Splunk incidents (ITIL P1–P4)
  • Diagnose and fix platform issues (indexer clusters, search head clusters, forwarders, heavy forwarders)
  • Analyze and optimize performance (searches, dashboards, scheduled searches)
  • Administer Splunk Enterprise and Splunk Cloud (user management, RBAC, apps, add-ons)
  • Configure and maintain data sources, inputs, and index policies

Security and Compliance

  • Ensure compliant log aggregation (BAIT, MaRisk, DORA, GDPR)
  • Support SOC processes and SIEM operations (Splunk ES)
  • Participate in audits (documentation, evidence)
  • Implement security standards (BSI IT baseline protection, ISO 27001)

Further Development and Collaboration

  • Escalate and manage vendor support cases
  • Create and maintain documentation, runbooks, and knowledge articles
  • Support first-level and operations teams
  • Participate in upgrades, patches, and change management
  • Take part in on-call duty for critical systems

Technical Requirements

Mandatory

  • Minimum 3 years of hands-on Splunk experience
  • Splunk certification (min. Power User; Admin preferred)
  • Experience with distributed architectures (indexer cluster, search head cluster, deployment server)
  • Strong SPL (Search Processing Language) skills
  • Linux administration (RHEL, CentOS, Debian); basic Windows Server knowledge
  • Networking basics (TCP/IP, firewalls, proxies, TLS/SSL for log transport)

Preferred

  • Experience with Splunk ES or ITSI
  • SIEM/SOC experience (use cases, correlation rules, notable events)
  • Cloud/container experience (Kubernetes, Docker, AWS/Azure Splunk)
  • Scripting (Python or Bash)
  • Monitoring integrations (API, HEC, Syslog)
  • ITIL v4 knowledge or certification

Industry-Specific Requirements (Financial Sector)

  • Knowledge of regulations: BAIT, MaRisk, DORA, GDPR
  • Experience with logging requirements in banking/insurance (retention, integrity)
  • Understanding of compliance-relevant log sources (Active Directory, PAM, core banking systems)
  • Experience with sensitive data and security policies
  • Experience in regulated environments with formal change processes
