Job Description
OT Splunk Administrator
Location: 6504 E. Thomas Rd, Scottsdale, AZ
Schedule: Monday–Friday | 7:00 AM – 3:30 PM
Hybrid: On-site Wednesday & Thursday
Position Overview
Turner Staffing Group is seeking an experienced OT Splunk Administrator to support a critical Operational Technology (OT) environment. This role is responsible for administering, optimizing, and maintaining the Splunk Enterprise platform across substations, grid management systems, telecom networks, data centers, and OT cybersecurity infrastructure.
This position plays a key role in supporting security operations and regulatory compliance initiatives, ensuring accurate log ingestion, advanced detection development, and reporting aligned with NERC CIP standards and internal compliance controls. The ideal candidate will thrive in high-visibility, high-stakes OT environments where reliability and security are paramount.
Key Responsibilities
Splunk Platform Administration
Administer and maintain Splunk Enterprise infrastructure (indexers, search heads, forwarders, deployment server, cluster management).
Perform performance tuning, system optimization, scaling, and capacity planning for OT workloads.
Install and configure Splunk Universal Forwarders across Windows, Linux, and applicable OT systems.
Manage Splunk apps, add-ons, data models, and knowledge objects.
OT Log Ingestion & Detection Development
Onboard and manage OT-related data sources including firewalls, switches/routers, SCADA-adjacent systems, VPN concentrators, RSA SecureID, Tripwire Enterprise, endpoint security platforms, and network monitoring tools.
Validate NERC CIP log retention and integrity requirements.
Develop dashboards, correlation searches, alerts, and compliance reports.
Create OT-specific detection use cases in collaboration with OT Network Security Analysts.
Security Operations Support
Troubleshoot ingestion failures, missing logs, and detection gaps.
Conduct root-cause analysis impacting OT security visibility.
Support incident response efforts through advanced Splunk queries, timelines, and forensic data exports.
Regulatory & Compliance Support
Support internal and external audits through documentation, dashboards, and evidence extraction.
Ensure platform configurations align with NERC CIP standards (CIP-007, CIP-010, CIP-003 monitoring controls).
Maintain logging architecture documentation and operational procedures aligned with compliance governance standards.
Automation & Integration
Integrate Splunk with ServiceNow for automated alerting and ticketing workflows.
Collaborate with Firewall Governance, PKI, RSA, and VPN lifecycle stakeholders to enhance logging visibility.
Develop and maintain automation scripts using Python, PowerShell, or Bash.
Operational Governance
Maintain operational runbooks, architectural documentation, and work registers.
Provide knowledge transfer and documentation to support long-term operational sustainability.
Minimum Qualifications
3–5+ years of experience administering Splunk Enterprise (preferably in utility, industrial, or OT environments).
Strong expertise in:
Splunk configuration, tuning, and troubleshooting
Log ingestion pipelines
Windows and Linux server administration
Network security principles (firewalls, VPN, segmentation, routing)
Ability to obtain and maintain NERC CIP access requirements.
Preferred Qualifications
Bachelor’s degree in Cybersecurity, Information Systems, Engineering, or related field (or equivalent experience).
Experience in utility OT environments (substations, telecom, control centers, generation facilities, pipelines).
Familiarity with Tripwire, RSA SecureID, SCADA systems, firewall governance frameworks, and NERC CIP requirements.
Experience with Splunk ES or Splunk ITSI.
Scripting and automation experience (Python, PowerShell, Bash).
Experience building dashboards, correlation searches, and detection content.
Key Competencies
Advanced analytical and troubleshooting skills
Strong documentation and audit-evidence preparation capability
Cross-functional collaboration and stakeholder communication
Ability to operate effectively in complex, regulated OT environments
Accountability, follow-through, and operational consistency
