Job Description:
Very strong skills with Splunk Enterprise Security (ES), with strong ability to architect, design and deploy in enterprise environments
Strong skills in all relevant functions of Splunk ES used for Security operations
Strong skills in conceptualizing, designing and building dashboards using Splunk ES
Very strong hands-on skills with automation and response features and associated configuration aspects (Phantom)
Strong knowledge of the security incident analysis tool, Incident Workbench
Provide technical leadership for Splunk ES (SIEM) to support security operations teams when needed
Strong experience in migration of SIEM platforms to Splunk ES for security monitoring
Coordinate SIEM platform efforts across multiple business units as part of design/implementation
Very good experience with and knowledge of Splunk UBA capability and Phantom for orchestration
Skill in integration of Splunk ES with various threat intelligence sources
Knowledge of other SIEM platforms and their architecture
Conduct proof-of-concept reviews for new security products & Splunk integration
Prepare reports, summaries, and other forms of communication that may be both internal and client facing.
Maintain familiarity with industry trends and security best practices, such as the MITRE ATT&CK framework, that can be leveraged for customizing the Splunk ES platform for investigation and response
Work on or guide scripting in Python, Perl, Bash and/or shell
Certified in Splunk admin & Splunk ES


12+ years of IT industry experience working with large organizations in the area of infrastructure / IT Security

Soft skills

Strong verbal and written communication skills
Experience in working with security stakeholders and other senior security leaders
Interface with client stakeholders on technical requirements to improve and build the Splunk ES platform
Effectively communicate/present security concepts to both technical and non-technical individuals
CISSP/CISM certification will be preferred
Open for business travel at short notice