High5

Splunk Consultant

Job Description

Description:

We are looking for a Consultant for SIEM solution projects entailing the design, audit, implementation, deployment, integration and review of SIEM solutions for our clients. We are looking for candidates who go beyond the standard deployment of SIEM solutions, where infrastructure and systems are integrated for log collection: we want someone with business logic who can identify threat scenarios across different systems and applications and then implement and recommend the corrective, detective or preventative controls on Splunk.

Responsibilities:

General:

  • Experience with designing, architecting end-to-end Splunk deployments.
  • Experience with migrating data and content between different SIEM solutions.
  • Hands-on experience on Client Transitions and Cloud migrations (Hybrid Cloud).
  • Experience with installation, configuration, license management, data onboarding, data transformation, field extraction, event parsing, data preview, and Apps management of Splunk Enterprise and other premium apps.
  • Experience with Splunk Searching and Reporting, Knowledge Objects administration, Clustering and Forwarder Management
  • Experience with search query optimization and setting best practices for Splunk users and power users
  • Experience with building, customizing, and deploying Splunk apps and add-ons.
  • Scale existing environment to meet capacity needs (non-clustered to clustered, single site to multi-site, shared roles to dedicated roles and so on)
  • Deploy Splunk binaries to various locations using automation scripts (SCCM, Puppet, Ansible, Terraform).
  • Hands-on configuration experience including version control, major upgrades, and updates.
  • Proactively monitoring and responding to issues like system alerts (Splunk, as well as infrastructure)
  • Support pre-sales, sales and business development of new and existing services.
  • Creation, optimization and documentation of SOC SOPs and KPIs for end customers.
  • Define and manage strategies and processes to ingest and normalize new data sources (CIM Compliance)
  • Familiarity with key Operating Systems, VM environments and cloud-based services
  • Hands-on experience in root-cause analysis, knowledge of scripting languages (JavaScript, Python, Shell, Unix) and well versed in RegEx.
  • Knowledge on Splunk administration - User management, Index Management, configuration files, Forwarder management, Data inputs, Event Parsing, Manipulating raw data, SC4S integration.
  • Experience on different integrations using Splunk Apps/Add-ons.
  • Familiarity with basic integration concepts, e.g. Syslog, WMI, APIs, Service Oriented Architecture, ESB, etc.
  • Strong knowledge on Search Processing Language (SPL).
  • Knowledge on different types of knowledge objects - Fields, Field extractions, Field aliases, Calculated fields, Lookups, KV store, Event types, Tags, Reports, Alerts, Macros, Data models.
  • Depth of skills in at least three of the following areas: Security Controls Operations, Cyber Incident Response, Cyber Security Detection, Managed Services Integration, Cyber Threat Intelligence, Threat Hunting.

SOAR:

  • Build, integrate and orchestrate end-to-end automation. Integrate new logging sources and build playbooks to properly triage and respond to security incidents while reducing the time needed to analyze each event.
  • Develop simple and complex playbooks and simple/custom connectors integrating with various technologies.
  • Implement and configure SOAR for new or existing customers and configuring multitenancy.
  • Identify challenges of customer security teams, and assist security teams with SOAR best practices.
  • Experience in the design, implementation, maintenance, and optimization of playbooks for detection, protection, containment and mitigation of cyber security related threats and incidents.
  • Experience in integrating various technologies with SOAR platform.

Optional:

  • Should have hands-on experience with ITSI, including data integration, Service Analyzer, KPI thresholds and time policies, entities, templates and dependencies, anomaly detection and predictive analytics, event management, glass tables and dashboards, backup and restore, etc.
  • Experience on Splunk Observability Suite solutions like APM, IM, RUM, and Splunk On-Call
  • Experience on Splunk Observability Suite (APM and infrastructure monitoring).
  • Working with Machine Learning Toolkit and knowledge of creating custom ML models.

Qualifications and Certifications:

  • 5+ years of experience in SIEM, SOAR and Cybersecurity solutions of which minimum 3 years of core experience in implementing Splunk.
  • Splunk Enterprise Certified Consultant with any one of the following accreditations is preferred:
      • Splunk Accredited ES Implementation
      • Splunk Accredited ITSI Implementation
      • Splunk Accredited SIEM Replacement
      • Splunk Accredited UBA Implementation

More Info

Industry: Other

Function: Consultancy

Job Type: Permanent Job


Date Posted: 21/11/2024

Job ID: 101050031


Last Updated: 21-11-2024 06:13:37 PM