SPLUNK Enterprise and ITSI Expert

Posted 1 week ago by 1772596379

£520 Per day
Inside
Hybrid
Sheffield, South Yorkshire

Summary: The SPLUNK Enterprise and ITSI Expert role involves designing, deploying, and operating Splunk solutions in hybrid environments, with a focus on data onboarding, performance tuning, and security governance. The position requires on-site presence three days a week in Sheffield, Birmingham, or London, and is paid via PAYE through an umbrella company. The contract is set to last until November 30, 2026, with a competitive daily rate.

Key Responsibilities:

  • Design, deploy, and operate Splunk Enterprise and ITSI for hybrid Kubernetes/OpenShift environments.
  • Onboard data at scale (HEC, Universal Forwarder/Deployment Server), align to CIM, and enforce RBAC, retention, and cost guardrails.
  • Build ITSI service decompositions, KPIs/multi-KPI thresholds, NEAP policies, glass tables, deep dives, and service health scoring.
  • Create OpenShift-focused exec/ops views: cluster health (API/etcd), node readiness/pressure, pod restart hotspots, network/storage errors, capacity and quota/bursting visibility.
  • Tune search and platform performance: workload rules, concurrency, DMA, summary indexing, and scheduling hygiene.
  • Implement alerting, enrichment, routing to ITSM/ChatOps, suppression windows, maintenance schedules, and runbook automation.
  • Govern ingest and security: allow/deny lists, PII handling, TLS, token governance, index/role mapping, and data quality SLAs.
  • Integrate upstream sources and pipelines: OpenTelemetry, Prometheus exporters, Fluentd/Fluent Bit/Vector, Kafka, CMDB/ITSM enrichments, AIOps/ML anomaly detection.

Key Skills:

  • Splunk Enterprise: SPL mastery, CIM alignment, KV/lookups/macros, saved searches, index/retention/RBAC design, search performance tuning.
  • Splunk ITSI: Service trees, KPIs, adaptive/time-based thresholds, NEAP tuning, glass tables, deep dives, Service Analyzer configuration.
  • OpenShift/Kubernetes observability: Cluster/control-plane metrics, kube events/logs, workload/node/network/storage correlation, capacity and noisy-neighbor detection.
  • Data pipelines & collectors: OpenTelemetry (OTLP), Prometheus scraping, Fluentd/Fluent Bit/Vector, Kafka (TLS), HEC/UF/DS onboarding.
  • Reliability & SLOs: Golden signals, rollout/rollback health checks, SLO/KPI mapping to namespaces/apps, executive and ops dashboards.
  • Performance & cost optimization: Workload rules, DMA, summary indexing, schedule optimization, license/cost guardrails.
  • Security & compliance: TLS/mTLS, token and cert hygiene, PII controls, auditability, role/index mappings.
  • Automation & integrations: ITSM/ChatOps routing, runbooks, CMDB enrichment, webhook/AIOps integrations.

Salary (Rate): £520 daily

City: Sheffield

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

SPLUNK Enterprise and ITSI Expert
Location: 3 days on site in either Sheffield/Birmingham/London
Duration: 30/11/2026
Rate £529

MUST BE PAYE THROUGH UMBRELLA
