TC - CS - CDR - Splunk - Staff

Staff (CTM – Threat Detection & Response)

KEY Capabilities:

• Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
• Minimum of Splunk Power User Certification
• Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, Bash, etc.
• Assist in remote and on-site gap assessment of the SIEM solution.
  • Work on defined evaluation criteria & approach based on the Client requirement & scope factoring industry best practices & regulations
  • Assist in interview with stakeholders, review documents (SOPs, Architecture diagrams etc.)
  • Asist in evaluating SIEM based on the defined criteria and prepare audit reports
• Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
• Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers
• • Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
  • Experience in parsing and masking of data prior to ingestion in SIEM
  • Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
  • Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
  • Assist client with technical guidance to configure their log sources (in-scope) to be integrated to the SIEM
• Experience in SIEM content development which includes :
• • Hands-on experience in development and customization of Splunk Apps & Add-Ons
  • Builds advanced visualizations (Interactive Drilldown, Glass tables etc.)
  • Build and integrate contextual data into notable events
  • Experience in creating use cases under Cyber kill chain and MITRE attack framework
  • Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications.
  • Sound knowledge in configuration of Alerts and Reports.
  • Good exposure in automatic lookup, data models and creating complex SPL queries.
  • Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
  • Experience in creating custom commands, custom alert action, adaptive response actions etc.

Qualification & experience:

• Minimum of 3 years’ experience in Splunk and 3 to 5 years of overall experience with knowledge in Operating System and basic network technologies
• Experience in SOC as L1/L2 Analyst will be an added advantage
• Strong oral, written and listening skills are an essential component to effective consulting.
• Good to have knowledge of Vulnerability Management, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting
• Certification in any other SIEM Solution such as IBM QRadar, Exabeam, Securonix will be an added advantage
• Certifications in a core security related discipline (CEH, Security+, etc.) will be an added advantage.