Splunk SaaS Engineer (Remote)
Cognizant (Louisville, KY)
Job Summary:
The Splunk Cloud L3 Support Engineer serves as a deep technical expert responsible for advanced design, configuration, integration, automation, and troubleshooting of Splunk Cloud environments. This role goes beyond L2 scope, focusing on complex issues, performance optimization, and strategic scaling to ensure high availability and compliance.
In this role, you will:
1. Advanced Troubleshooting & RCA
Resolve complex ingestion failures involving custom source types.
Debug search performance with Job Inspector and search.log.
Investigate index replication lag (if Hybrid Search Head Clusters are used).
Conduct deep RCA for outages or recurring ingestion failures.
2. Splunk Cloud Configuration Management
Create, modify, and decommission indexes with retention policies.
Manage HEC tokens and ACS API-based configuration changes.
Maintain limits.conf, props.conf, transforms.conf changes via app deployment.
Work with Splunk Support for backend configuration requests.
3. Data Onboarding (Advanced & Custom)
Create custom field extractions (regex-based) for unstructured logs.
Implement line-breaking rules for multiline events.
Configure complex ingestion pipelines with filtering, masking, and routing.
Ensure full CIM data model compliance for Security/ITSI/ES apps.
4. Search & Performance Optimization
Redesign slow SPL queries with tstats, accelerated data models, or summary indexes.
Apply Workload Management rules to control resource usage.
Tune indexing performance by optimizing ingestion pipelines.
5. Security & Compliance
Conduct periodic user access reviews.
Monitor and respond to security events in internal audit indexes.
Apply encryption, masking, and anonymization for sensitive data.
Maintain compliance documentation for SOC 2, ISO, PCI-DSS, HIPAA.
6. Integration & Automation
Build integrations with ServiceNow, SOAR, cloud platforms (AWS/GCP/Azure).
Develop ACS CLI/REST API automation scripts for repeatable tasks.
Manage Splunkbase & private app lifecycle (install, upgrade, patch).
7. Change & Release Management
Plan and implement Splunk app upgrades with rollback testing.
Coordinate maintenance windows with Splunk Cloud Operations.
Maintain CI/CD pipelines for Splunk configuration deployments.
8. Capacity & Scaling
Forecast license and storage requirements based on usage trends.
Plan and execute index retention changes.
Work with Splunk on backend scaling requests.
9. Mentoring & Knowledge Sharing
Train L2 teams on advanced troubleshooting techniques.
Review and approve L2-created onboarding playbooks.
Work model:
At Cognizant, we strive to provide flexibility wherever possible, and we are here to support a healthy work-life balance through our various wellbeing programs. Based on this role’s business requirements, this is a remote position for applicants in the United States.
The working arrangements for this role are accurate as of the date of posting. This may change based on the project you’re engaged in, as well as business and client requirements. Rest assured, we will always be clear about role expectations.
We're excited to meet people who share our mission and can make an impact in a variety of ways. Don't hesitate to apply, even if you only meet the minimum requirements listed. Think about your transferable experiences and unique skills that make you stand out as someone who can bring new and exciting things to this role.
Salary and Other Compensation:
Applications will be accepted until November 20, 2025.
The annual salary for this position is between $91,000 and $107,000, depending on the experience and other qualifications of the successful candidate.
This position is also eligible for Cognizant’s discretionary annual incentive program, based on performance and subject to the terms of Cognizant’s applicable plans.
**Benefits:** Cognizant offers the following benefits for this position, subject to applicable eligibility requirements:
+ Medical/Dental/Vision/Life Insurance
+ Paid holidays plus Paid Time Off
+ 401(k) plan and contributions
+ Long-term/Short-term Disability
+ Paid Parental Leave
+ Employee Stock Purchase Plan
**Disclaimer:** The salary, other compensation, and benefits information is accurate as of the date of this posting. Cognizant reserves the right to modify this information at any time, subject to applicable law.
Cognizant is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.