Splunk Administrator

OT Splunk Administrator

Location: 6504 E. Thomas Rd, Scottsdale, AZ
Schedule: Monday–Friday | 7:00 AM – 3:30 PM
Hybrid: On-site Wednesday & Thursday

Position Overview

Turner Staffing Group is seeking an experienced OT Splunk Administrator to support a critical Operational Technology (OT) environment. This role is responsible for administering, optimizing, and maintaining the Splunk Enterprise platform across substations, grid management systems, telecom networks, data centers, and OT cybersecurity infrastructure.

This position plays a key role in supporting security operations and regulatory compliance initiatives, ensuring accurate log ingestion, advanced detection development, and reporting aligned with NERC CIP standards and internal compliance controls. The ideal candidate will thrive in high-visibility, high-stakes OT environments where reliability and security are paramount.

Key Responsibilities

Splunk Platform Administration

• Administer and maintain Splunk Enterprise infrastructure (indexers, search heads, forwarders, deployment server, cluster management).

• Perform performance tuning, system optimization, scaling, and capacity planning for OT workloads.

• Install and configure Splunk Universal Forwarders across Windows, Linux, and applicable OT systems.

• Manage Splunk apps, add-ons, data models, and knowledge objects.

OT Log Ingestion & Detection Development

• Onboard and manage OT-related data sources including firewalls, switches/routers, SCADA-adjacent systems, VPN concentrators, RSA SecureID, Tripwire Enterprise, endpoint security platforms, and network monitoring tools.

• Validate NERC CIP log retention and integrity requirements.

• Develop dashboards, correlation searches, alerts, and compliance reports.

• Create OT-specific detection use cases in collaboration with OT Network Security Analysts.

Security Operations Support

• Troubleshoot ingestion failures, missing logs, and detection gaps.

• Conduct root-cause analysis impacting OT security visibility.

• Support incident response efforts through advanced Splunk queries, timelines, and forensic data exports.

Regulatory & Compliance Support

• Support internal and external audits through documentation, dashboards, and evidence extraction.

• Ensure platform configurations align with NERC CIP standards (CIP-007, CIP-010, CIP-003 monitoring controls).

• Maintain logging architecture documentation and operational procedures aligned with compliance governance standards.

Automation & Integration

• Integrate Splunk with ServiceNow for automated alerting and ticketing workflows.

• Collaborate with Firewall Governance, PKI, RSA, and VPN lifecycle stakeholders to enhance logging visibility.

• Develop and maintain automation scripts using Python, PowerShell, or Bash.

Operational Governance

• Maintain operational runbooks, architectural documentation, and work registers.

• Provide knowledge transfer and documentation to support long-term operational sustainability.

Minimum Qualifications

• 3–5+ years of experience administering Splunk Enterprise (preferably in utility, industrial, or OT environments).

• Strong expertise in:

  • Splunk configuration, tuning, and troubleshooting

  • Log ingestion pipelines

  • Windows and Linux server administration

  • Network security principles (firewalls, VPN, segmentation, routing)

• Ability to obtain and maintain NERC CIP access requirements.

Preferred Qualifications

• Bachelor's degree in Cybersecurity, Information Systems, Engineering, or related field (or equivalent experience).

• Experience in utility OT environments (substations, telecom, control centers, generation facilities, pipelines).

• Familiarity with Tripwire, RSA SecureID, SCADA systems, firewall governance frameworks, and NERC CIP requirements.

• Experience with Splunk ES or Splunk ITSI.

• Scripting and automation experience (Python, PowerShell, Bash).

• Experience building dashboards, correlation searches, and detection content.

Key Competencies

• Advanced analytical and troubleshooting skills

• Strong documentation and audit-evidence preparation capability

• Cross-functional collaboration and stakeholder communication

• Ability to operate effectively in complex, regulated OT environments

• Accountability, follow-through, and operational consistency