Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
Minimum of Splunk Power User Certification
Good knowledge of programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
Assist in remote and on-site gap assessment of the SIEM solution.
Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers
Experience in SIEM content development, which includes:
Job Description
- Work on defined evaluation criteria and approach based on the client requirements and scope, factoring in industry best practices and regulations
- Assist in interviews with stakeholders and review documents (SOPs, architecture diagrams, etc.)
- Assist in evaluating the SIEM based on the defined criteria and prepare audit reports
- Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
- Experience in parsing and masking of data prior to ingestion in SIEM
- Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
- Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
- Assist client with technical guidance to configure their log sources (in-scope) to be integrated to the SIEM
- Hands-on experience in development and customization of Splunk Apps & Add-Ons
- Build advanced visualizations (interactive drilldowns, glass tables, etc.)
- Build and integrate contextual data into notable events
- Experience in creating use cases mapped to the Cyber Kill Chain and the MITRE ATT&CK framework
- Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that provide near-real-time visibility into the performance of client applications.
- Sound knowledge in configuration of Alerts and Reports.
- Good exposure to automatic lookups, data models and creating complex SPL queries.
- Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
- Experience in creating custom commands, custom alert actions, adaptive response actions, etc.
