📍 Melbourne VIC
⏳ 6+ Month Contract
💰 Competitive Daily Rate
About the Role
We are working with a global consulting organisation delivering large-scale programs across government and enterprise environments. They are seeking a mid to senior Splunk Data Administrator to take ownership of data onboarding, normalization, and overall data quality across a complex hybrid Splunk environment (on-premise and cloud).
This is a hands-on role suited to someone who thrives in complex environments and enjoys working across the full data lifecycle, from ingestion through to optimisation and governance.
Key Responsibilities
- Lead end-to-end onboarding of log sources, including requirements gathering, parsing, testing, and deployment
- Drive CIM normalization and ensure alignment with Splunk data models to support security and operational use cases
- Design and implement field extractions using regex, props.conf, transforms.conf, and structured parsing techniques
- Manage and optimise Splunk data pipelines across hybrid environments, ensuring performance, reliability, and data quality
- Configure and maintain Splunk components including Search Heads, Indexers, forwarders, and deployment infrastructure
- Monitor ingestion performance, troubleshoot issues, and implement best practices for data governance and lifecycle management
- 5–10 years’ experience in Splunk administration and data onboarding
- Strong expertise in:
  - CIM normalization, data modelling, and SPL validation
  - Field extraction, parsing, and sourcetype configuration
  - Splunk architecture including Search Heads, Indexers, clusters, and forwarders
- Experience working in complex or hybrid Splunk environments (on-premise and cloud)
- Knowledge of Linux environments (RHEL, Amazon Linux)
- Exposure to AWS services such as EC2, S3, IAM, and CloudWatch is highly regarded
- Experience with automation tools such as Ansible, Terraform, or CI/CD pipelines is advantageous
- Splunk certifications (Admin, Power User, ES Admin)
- Experience with Splunk Enterprise Security (ES)
- Familiarity with modern ingestion methods such as HEC, APIs, or cloud-native logging tools
- Based in Melbourne or willing to relocate
- Australian working rights required
- Open to Working Holiday Visa holders
- No local experience required
- Opportunity to work on large-scale, enterprise Splunk environments
- Exposure to modern cloud and hybrid architectures
- Supportive team environment with strong onboarding and knowledge sharing
- Ideal entry point into the Australian market with a global employer
📞 0480 002 456
✉️ dylans@whizdom.com.au


