Splunk Database Administrator

Splunk Data Administrator
📍 Melbourne VIC
⏳ 6+ Month Contract
💰 Competitive Daily Rate

About the Role
We are working with a global consulting organisation delivering large-scale programs across government and enterprise environments. They are seeking a mid to senior Splunk Data Administrator to take ownership of data onboarding, normalization, and overall data quality across a complex hybrid Splunk environment (on-premise and cloud).

This is a hands-on role suited to someone who thrives in complex environments and enjoys working across the full data lifecycle, from ingestion through to optimisation and governance.

Key Responsibilities

• Lead end-to-end onboarding of log sources, including requirements gathering, parsing, testing, and deployment
• Drive CIM normalization and ensure alignment with Splunk data models to support security and operational use cases
• Design and implement field extractions using regex, props.conf, transforms.conf, and structured parsing techniques
• Manage and optimise Splunk data pipelines across hybrid environments, ensuring performance, reliability, and data quality
• Configure and maintain Splunk components including Search Heads, Indexers, forwarders, and deployment infrastructure
• Monitor ingestion performance, troubleshoot issues, and implement best practices for data governance and lifecycle management

Skills & Experience

• 5–10 years’ experience in Splunk administration and data onboarding
• Strong expertise in:
  • CIM normalization, data modelling, and SPL validation
  • Field extraction, parsing, and sourcetype configuration
  • Splunk architecture including Search Heads, Indexers, clusters, and forwarders
• Experience working in complex or hybrid Splunk environments (on-premise and cloud)
• Knowledge of Linux environments (RHEL, Amazon Linux)
• Exposure to AWS services such as EC2, S3, IAM, and CloudWatch is highly regarded
• Experience with automation tools such as Ansible, Terraform, or CI/CD pipelines is advantageous

Nice to Have

• Splunk certifications (Admin, Power User, ES Admin)
• Experience with Splunk Enterprise Security (ES)
• Familiarity with modern ingestion methods such as HEC, APIs, or cloud-native logging tools

Candidate Requirements

• Based in Melbourne or willing to relocate
• Australian working rights required

We strongly encourage applications from candidates who are new to Australia or looking to gain local experience.

• Open to Working Holiday Visa holders
• No local experience required

Why Apply?

• Opportunity to work on large-scale, enterprise Splunk environments
• Exposure to modern cloud and hybrid architectures
• Supportive team environment with strong onboarding and knowledge sharing
• Ideal entry point into the Australian market with a global employer

📩 Apply now or contact Dylan Sheoshker
📞 0480 002 456
✉️ dylans@whizdom.com.au