Splunk Correlation Engineer
Location: Remote
SCEs (Security Center of Excellence) will be responsible for tuning and adjusting rules and policies on a given SIEM technology to increase detection accuracy, reduce false positives, or improve performance by creating policy management and trend analysis, and for compiling a weekly/monthly trend analysis report including trends in policy exceptions and user behavior.
SCEs will also provide recommendations on what events should be categorized as in special instructions, and interact with the customer on a weekly basis to understand their wants and needs from a tuning perspective.
Major and Key Experience
- Correlate events and find tuning opportunities to maintain a healthy environment on the customer’s console
- Make recommendations to clients about increasing security
- Analyze traffic trends across customer base for large trends
- Identify trends in traffic and make recommendations to clients based on trends
- Create new rules based on the criteria provided, update existing policy rules, and research new threats to ensure continuous security
Professional Certification & Skills
- CISSP
- CEH
- OSCP
- AWS Certified CP
- Azure Sentinel Certified
- Splunk Security Certified
- QRadar Certified