Information Security Unix Analyst, Splunk Ops (L09)

Job Description:

Role Title: Information Security Unix Analyst, Splunk Ops (L09)

Company Overview:

Synchrony (NYSE: SYF) is a premier consumer financial services company delivering one of the industry’s most complete digitally enabled product suites. Our experience, expertise and scale encompass a broad spectrum of industries including digital, health and wellness, retail, telecommunications, home, auto, outdoors, pet and more.

• We have recently been ranked #2 among India’s Best Companies to Work for by Great Place to Work. We were among the Top 50 India’s Best Workplaces in Building a Culture of Innovation by All by GPTW and Top 25 among Best Workplaces in BFSI by GPTW. We have also been recognized by Ambition Box Employee Choice Awards among the Top 20 Mid-Sized Companies, ranked #3 among Top Rated Companies for Women, and Top-Rated Financial Services Companies.

• We provide best-in-class employee benefits and programs that cater to work-life integration and overall well-being.

• We provide career advancement and upskilling opportunities, focusing on Advancing Diverse Talent to take up leadership roles.

Organizational Overview:

This role deals with working on day-to-day activities of the Enterprise Logging Team.  This team manages and maintains Synchrony's Splunk infrastructure, ensuring on prem hosts, agents, and network feeds run smoothly, securely, and efficiently to support business functions, handling everything from daily monitoring, maintenance, and user support to proactive upgrades, disaster recovery, and deploying new technologies. They focus on reliability, performance, and cost-effectiveness, preventing costly outages through continuous monitoring, automation, and incident response

Role Summary/Purpose:

This role will be part of a team responsible for the operations of Synchrony Financial (SYF) Splunk. 

The ideal candidate will deliver Level 2/3 support while prioritizing tasks and overseeing daily logging operations within a global team. This individual is anticipated to assist with the operational components of the SYF Splunk Cloud stack, develop new automation solutions, maintain both the on-premises Splunk Infra and the 11000+ Splunk Universal Forwarders at an N-1 level and offer any necessary support to customers or senior leadership.

Key Responsibilities:

• First line of communication for any outages or incidents to the manager usually via Teams or phone call.

• Planning and automation around all upgrades (this sometimes means up to twice per year depending on the cycle as security vulnerabilities and defects often demand it more than once).

• Working with Splunk Support for all Cloud-based upgrades as well as any issues impacting the environment that require deploying changes to address.

• Splunk RBAC – Experience in administering Splunk Role based access control by providing access to only the required roles.

• Fulfilling documentation and reporting for audit requirements, SOPs, Job Aids, etc.

• Strong troubleshooting skills are required which helps to restore Splunk ASAP in case of any outages/issues.

Required Skills/Knowledge:

• Bachelor’s degree with 5 years’ experience in a financial services industry, Splunk operations setting or in lieu of a degree 7 years of financial services industry and Splunk operations.

• Minimum 4 years of Information Security, IT Operations & BFSI experience.

• Previous experience in supporting a 24/7 operations team and understanding of the associated challenges.

• Splunk Power User certification.

• Proficiency in Splunk administration (installation, configuration, upgrade, and troubleshooting).

• Understanding of Splunk architecture (indexers, search heads, forwarders, deployment server, etc.)

• Writing and optimizing search queries using Splunk SPL (Search Processing Language).

• Knowledge of Splunk apps and add-ons, including security-related ones like Splunk Enterprise Security (ES).

• Capacity management and indexing performance optimization.

• Hands-on experience with CHEF, Ansible, Terrafarm & CICD.

• Solid understanding of Unix administration, CLI operations & shell scripting.

• User level knowledge on ServiceNow & IAM.

Desired Skills/Knowledge: 

• Splunk Administrator certification.

• Experience working in Agile environments.

• Solid understanding of assigned business functional area.

• Creative problem solving skills.

• Experience with Issue management processes and procedures.

• Excellent interpersonal, analytical, organizational, written and verbal communication skills.

Eligibility Criteria:

• Bachelor's degree with 5 years’ experience in a financial services industry, Splunk operations setting or in lieu of a degree 5+ years of financial services industry and Splunk operations.

• Minimum 4 years of Information Security, IT Operations & BFSI experience.

• Provide 24x7 on-call support periodically throughout the year as well as some weekends based on upgrades, incidents, outages, etc.

Work Timings:

3AM - 11:30 AM EST (Exceptions will apply periodically due to business needs and weekend shift rotations)  

For Internal Applicants:

• Understand the criteria or mandatory skills required for the role, before applying

• Inform your manager and HRM before applying for any role on Workday.

• Ensure that your professional profile is updated (fields such as education, prior experience, other skills) and it is mandatory to upload your updated resume (Word or PDF format)

• Must not be any corrective action plan (First Formal/Final Formal, LPP)

• L4 to L7 Employees who have completed 12 months in the organization and 12 months in their current role and level are only eligible.

• L8+ Employees who have completed 18 months in the organization and 12 months in their current role and level are only eligible.

• L04+ Employees can apply.

Grade/Level: 09

Job Family Group: 

Information Technology

Job Family Group: