Platform Engineer (Splunk)

Amsterdam

At Sytac, we build high-performing engineering teams for leading organizations in the Netherlands and beyond. We combine a pragmatic, people-first culture with strong technical craftsmanship — giving engineers autonomy in real production environments, backed by a consultancy that invests in growth, community, and long-term partnerships.

For one of our large, enterprise-scale clients, we are looking for a Splunk Platform Engineer to own, operate, and optimize a mission-critical on-prem and hybrid Splunk ecosystem. This role is at the heart of the organization’s security monitoring (SIEM), enterprise logging, and observability strategy—ensuring that Security and IT operations have the high-quality telemetry they need to maintain resilience.

This is a hands-on engineering role focused on the architecture, scalability, and performance of a complex data platform in a high-stakes environment.

What you’ll do

  • Architect and manage on-prem Splunk Enterprise environments, including Indexer clusters, Search Head clusters, and Forwarder management.

  • Ensure platform resilience by managing high availability, disaster recovery, and multi-site clustering configurations.

  • Optimize data engineering by designing index strategies, retention policies, and tiered storage (hot/warm/cold).

  • Control ingestion volume through advanced filtering, routing, and parsing optimization to ensure cost-efficiency.

  • Operate and tune Splunk Enterprise Security (ES), implementing correlation searches and risk-based alerting (RBA).

  • Improve search performance by ensuring CIM compliance and efficient Data Model Acceleration (DMA).

  • Enable hybrid observability by integrating Splunk Observability Cloud with on-prem infrastructure and APM pipelines.

  • Automate platform lifecycle management, including version upgrades, patching, and capacity planning.

  • Collaborate with SOC and App teams to align threat detection coverage with the MITRE ATT&CK framework.

  • Govern the platform by tracking KPIs, managing licensing, and ensuring compliance with audit requirements.

What we’re looking for

  • Senior-level experience in Splunk Platform Engineering within large-scale, distributed environments.

  • Deep architectural knowledge of Splunk Enterprise (on-prem & hybrid), including clustering and deployment server management.

  • Strong Data Engineering skills: Expert in SPL performance tuning, index design, and props/transforms configuration.

  • Security & SIEM background: Hands-on experience with Splunk Enterprise Security (ES) and security framework mapping.

  • Systems Administration expertise: Solid foundation in Linux/Windows server administration and storage platforms.

  • Automation mindset: Proficiency in scripting (Python, Bash) and a preference for Infrastructure as Code (Ansible, Terraform).

  • Communication & Leadership: Ability to translate platform telemetry into actionable insights for stakeholders and leadership.

  • Fluent in English + EU residency (no sponsorship).

Tooling (must understand and use in practice): Splunk Enterprise, Splunk ES, Indexer/Search Head Clustering, Linux (RHEL/Ubuntu), Python/Bash, Git, and CIM mapping.

Nice to have

  • Splunk Certifications: Splunk Enterprise Certified Architect or Splunk Admin.

  • Observability exposure: Experience with OpenTelemetry (OTel) pipelines and Splunk Observability Cloud.

  • Cloud & Containers: Knowledge of Splunk on Kubernetes or monitoring cloud-native workloads.
