Splunk Administrator

Location: 6504

E. Thomas Rd, Scottsdale, AZ
Schedule: Monday–Friday | 7:00 AM – 3:30 PM
Hybrid: On-site Wednesday & Thursday

Turner Staffing Group is seeking an experienced OT Splunk Administrator to support a critical Operational Technology (OT) environment. This role is responsible for administering, optimizing, and maintaining the Splunk Enterprise platform across substations, grid management systems, telecom networks, data centers, and OT cybersecurity infrastructure.

This position plays a key role in supporting security operations and regulatory compliance initiatives, ensuring accurate log ingestion, advanced detection development, and reporting aligned with NERC CIP standards and internal compliance controls. The ideal candidate will thrive in high-visibility, high-stakes OT environments where reliability and security are paramount.

Administer and maintain Splunk Enterprise infrastructure (indexers, search heads, forwarders, deployment server, cluster management).

Perform performance tuning, system optimization, scaling, and capacity planning for OT workloads.

Install and configure Splunk Universal Forwarders across Windows, Linux, and applicable OT systems.

Manage Splunk apps, add-ons, data models, and knowledge objects.

Onboard and manage OT-related data sources including firewalls, switches/routers, SCADA-adjacent systems, VPN concentrators, RSA Secure

ID, Tripwire Enterprise, endpoint security platforms, and network monitoring tools.

Validate NERC CIP log retention and integrity requirements.

Develop dashboards, correlation searches, alerts, and compliance reports.

Create OT-specific detection use cases in collaboration with OT Network Security Analysts.

Troubleshoot ingestion failures, missing logs, and detection gaps.

Conduct root-cause analysis impacting OT security visibility.

Support incident response efforts through advanced Splunk queries, timelines, and forensic data exports.

Support internal and external audits through documentation, dashboards, and evidence extraction.

Ensure platform configurations align with NERC CIP standards (CIP-007, CIP-010, CIP-003 monitoring controls).

Maintain logging architecture documentation and operational procedures aligned with compliance governance standards.

Integrate Splunk with Service Now for automated alerting and ticketing workflows.

Collaborate with Firewall Governance, PKI, RSA, and VPN lifecycle stakeholders to enhance logging visibility.

Develop and maintain automation scripts using Python, Power Shell, or Bash.

Maintain operational runbooks, architectural documentation, and work registers.

Provide knowledge transfer and documentation to support long-term operational sustainability.

3–5+ years of experience administering Splunk Enterprise (preferably in utility, industrial, or OT environments).

Strong expertise in:

Splunk configuration, tuning, and troubleshooting

Windows and Linux server administration

Network security principles (firewalls, VPN, segmentation, routing)

Ability to obtain and maintain NERC CIP access requirements.

Bachelor's degree in Cybersecurity, Information Systems, Engineering, or related field (or equivalent experience).

Experience in utility OT environments (substations, telecom, control centers, generation facilities, pipelines).

Familiarity with Tripwire, RSA Secure

ID, SCADA systems, firewall governance frameworks, and NERC CIP requirements.

Experience with Splunk ES or Splunk ITSI.

Scripting and automation experience (Python, Power Shell, Bash).

Experience building dashboards, correlation searches, and detection content.

Advanced analytical and troubleshooting skills

Strong documentation and audit-evidence preparation capability

Cross-functional collaboration and stakeholder communication

Ability to operate effectively in complex, regulated OT environments

Accountability, follow-through, and operational consistency