Job Description:
Assessment of SOC processes and identification of improvement opportunities
Assessment of SIEM use cases and identification of gaps
Splunk (SIEM) Level 2/3 activities
Creating use cases and implementing them
Documenting the improvement implementation plan
Provide advisory services for IT security infrastructure and recommend solutions, if needed, for the following domains: Identity & Access Management; Application Security & Vulnerability Management; Data Security & Privacy; Infrastructure/Cloud Security; Security Operations Center
Coordinate efforts with technical stakeholders, including architects, business leads and various teams
Planning and reporting activities
At least 8 years of experience with Information Security.

Knowledge and Skills:
The ideal candidate should have at least 8 years of experience focused on SIEM/SOC operations, network security architecture, firewalls, VPN, etc.
Hands-on experience with Splunk, Cisco/Palo Alto firewalls, endpoint security, etc. is a must.
Good understanding of Splunk architecture.
Knowledge of the various components (indexer, forwarder, search head, deployment server).
Installation and configuration of all Splunk components.
Hot, warm, cold and frozen bucketing; field extraction using IFX, the rex command and regex in configuration files.
Knowledge of the EXTRACT keyword and sed.
Knowledge of various search commands such as stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc.
Difference between eventstats and stats.
timechart attributes such as span and bins.
Creating dashboards and reports using XML.
Inline search vs. scheduled search in a dashboard.
Various types of charts; knowledge of app creation; user and role access permissions.
Creating and managing apps; creating users and roles; permissions on knowledge objects.
Using techniques to optimize searches for better performance.
Search-time vs. index-time field extraction.