Responsibilities : Development, deployment, or administration of Splunk. Onboard Splunk ES critical data sources - ingestion of critical data sources / data logs from the enterprise into the Security Information Event Management (SIEM) tool to meet the Splunk Enterprise Security (ES) implementation.
Normalize Log Data to Common Information Model (CIM) as required by Splunk ES to meet the provided security use cases (Rules / Alerts Create viewable Splunk dashboards to provide visibility into ingested log data.
Create alerts that trigger / activate on configured setting to deploy or sends a note, email, or attachments to a particulate destination email or groups.
Create security rules (alerts) that trigger on anomalous activities or threat detections. Splunk Support - Assisting Customers with any issues when ingestion of logs that are not working properly or communication issues with Splunk.
Resolve Splunk infrastructure or system issues. Check virtual server availability, functionality, integrity, and efficiency.
Monitor and maintain virtual server configuration. Diagnose failed servers or connectivity problems. Qualifications : Completed Bachelor’s degree from an accredited university is required, preferably in an IT related field.
Minimum of 5 to 7 years of experience related to the qualifications above, including work with security monitoring tools such as IDS / IPS, FWs and NACs and protocols such as NetFlow (Snort, Bro, Palo Alto, Checkpoint, Palo, Arista, ISE,FireEye, Gigamon Strong experience with the development, deployment and administration of Splunk along with Security Information Event Management tools.
Experience working with cloud services such as AWS, Azure and M365 and cloud access security brokers. Experience in the use of network monitoring tools with a strong understanding of network protocols.
Ability to perform security analysis, development and implementation of security policies, standards, and guidelines. Ability to quickly explore, examine and understand complex security problems and how it affects a customer’s business.
Experience with both the Linux and Windows operating systems. Experience with SOAR and Firewall platforms from Palo Alto Networks.