Mid-Level Splunk Analyst (Migration Specialist) jobs in United States

Kentro · 1 day ago

Mid-Level Splunk Analyst (Migration Specialist)

Kentro is a company focused on innovation and collaboration, seeking a dedicated Mid-Level Splunk Analyst to support a migration effort for a major financial institution. The role involves executing the migration of observability workloads from Splunk Observability Cloud to Observe Inc., including query translation and data optimization.

Information Technology & Services

Responsibilities

Execute the inventorying of dashboards and saved searches via SOC REST APIs to prepare for migration
Manually translate Splunk (SPL) queries into Observe (OPAL) with high semantic fidelity, ensuring critical financial logic (e.g., fraud detection filters) is preserved
Perform all code translations and query logic updates manually or via approved scripts; the use of AI tools (e.g., O11y GPT) is strictly prohibited for this project due to security and accuracy requirements
Assist in configuring data ingestion pipelines using OpenTelemetry agents and intermediaries like Cribl or Fluent Bit
Map data models to Observe's Snowflake-backed data lake and implement sampling strategies (e.g., 10-20% for traces) during testing phases
Rebuild and validate dashboards in the Observe UI/API for real-time monitoring
Conduct parallel query comparisons and replay scripts to validate data accuracy between the legacy Splunk environment and the new Observe environment
Monitor ingestion health and anomaly detection post-migration to ensure user adoption and reduce alert fatigue
Maintain rigorous Git-versioned documentation of all migration scripts, configurations, and rollback plans
Participate in retrospectives to refine processes for financial audits and scalability

Qualification

Splunk Proficiency
SPL Query Translation
Data Ingestion Pipelines
Python Scripting
Infrastructure as Code
Communication Skills
Problem Solving
Documentation Skills
Team Collaboration

Required

Education - Bachelor's degree (BA/BS) in Computer Science, Information Systems, Engineering, or a related field
3-5 years of hands-on experience in Splunk engineering or analysis, specifically focused on event processing and dashboard management
Proven experience working in complex IT environments; prior experience in the financial sector is highly valued due to the low-latency nature of the data
Deep Splunk Proficiency: Strong command of SPL, knowledge management, pre- and post-indexing data transformations, and event management, as this will be the foundation for learning Observe
Scripting Skills: Competency in Python or Bash for API interactions (e.g., Splunk SDK) and automation tasks
Infrastructure as Code (IaC): Familiarity with tools like Terraform or Ansible for configuration management
Ability to explain technical concepts (such as query logic) to non-technical stakeholders or compliance teams
Strong problem-solving skills under pressure, particularly regarding data accuracy in volatile market environments

Preferred

Splunk Certifications: Certified Power User, Admin, or Architect credentials
Observability Exposure: Prior exposure to Observe Inc. or the OPAL language is a plus, though comprehensive training will be provided
Intermediary Tools: Experience with Cribl or Vector for data forwarding and routing
ITSM Integration: Familiarity with integrating monitoring tools into platforms like ServiceNow or PagerDuty
An active Security Clearance, or the ability to obtain and maintain one, is highly preferred

Benefits

Paid time off
Healthcare benefits
Supplemental benefits
401k including an employer match
Discount perks
Rewards
Education reimbursement for certifications, degrees, or professional development

Company

Kentro

IT Concepts has transformed into Kentro - your center for innovation, excellence, and growth.

Funding

Current Stage
Late Stage
Company data provided by crunchbase