TC-CS-Cyber Detection and Response-Splunk-Senior
Job description
At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
Senior (CTM – Threat Detection & Response)
We are seeking a highly skilled and experienced Senior Splunk Implementation Specialist to lead and oversee the deployment, administration, and use case development of Splunk Enterprise Security (ES) applications. The ideal candidate will have a deep understanding of Splunk's capabilities and a strong background in cybersecurity. This role requires an individual with extensive experience in implementing and managing Splunk ES, as well as developing and maintaining security use cases to enhance clients’ security posture.
Key Capabilities:
- Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
- Lead the planning, design, and implementation of Splunk Enterprise Security (ES) across the organization.
- Develop and manage the Splunk implementation project plan, including timelines, milestones, and resource allocation.
- Coordinate with cross-functional teams, including IT, security, and compliance, to ensure seamless integration of Splunk with existing systems and processes.
- Oversee the configuration and customization of Splunk ES to meet the organization's specific security requirements.
- Develop, implement, and maintain security use cases, correlation searches, and dashboards within Splunk ES.
- Provide expert guidance and support to the security operations team in the use of Splunk ES for threat hunting and incident investigation.
- Ensure compliance with industry standards and regulatory requirements related to security monitoring and incident response.
- Develop and maintain documentation for Splunk configurations, processes, and procedures.
- Good knowledge of programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
- Experience in onboarding data into Splunk from various sources, including unsupported (in-house built) sources, by creating custom parsers.
- Expertise in SIEM content development, which includes developing processes for automated security event monitoring and alerting along with corresponding event response plans for systems.
- Experience in creating use cases under the Cyber Kill Chain and MITRE ATT&CK framework.
- Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as ES App, UEBA, ITSI, etc.
- Sound knowledge in configuration of Alerts and Reports.
- Good exposure to automatic lookups, data models and creating complex SPL queries.
- Create, modify, and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirements.
- Work with the client SPOC on correlation rule tuning (as per the use case management life cycle), incident classification and prioritization recommendations.
- Experience in creating custom commands, custom alert actions, adaptive response actions, etc.
Qualification & experience:
- Minimum of 5 to 7 years’ experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
- Proven experience in implementing and managing Splunk Enterprise Security (ES) applications.
- Strong understanding of cybersecurity principles, threat detection, and incident response.
- Extensive experience in developing and maintaining security use cases, correlation searches, and dashboards within Splunk ES.
- Excellent project management skills, with a track record of successfully leading complex security projects.
- Strong leadership and team management skills, with the ability to mentor and develop team members.
- Excellent communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels.
- Relevant certifications such as CISSP, CISM, Splunk Certified Admin, Splunk Certified Architect, or similar are highly desirable. Certifications in a core security-related discipline will be an added advantage.
Desired Skills:
- Familiarity with scripting and automation tools (e.g., Python, PowerShell) for security operations and incident response.
- Knowledge of regulatory and compliance frameworks (e.g., GDPR, HIPAA, NIST).
- Experience in conducting security assessments and audits.
- Ability to develop and implement security policies, procedures, and best practices.
- Strong analytical and problem-solving skills.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.