Job Description:
Responsibilities:
Very strong skills with Splunk Enterprise Security (ES), with a strong ability to architect, design and deploy in enterprise environments
Strong skills in all relevant functions of Splunk ES used for Security operations
Strong skills in conceptualizing, designing and building dashboards using Splunk ES
Very strong hands-on skills in automation and response features and associated configuration aspects (Phantom)
Strong knowledge of the security incident analysis tool, incident workbench
Provide technical leadership for Splunk ES (SIEM) to support security operations teams when needed
Strong experience in migration of SIEM platforms to Splunk ES for security monitoring
Coordinate SIEM platform efforts across multiple business units as part of design/implementation
Very good experience with and knowledge of Splunk UBA capability and Phantom for orchestration
Skill in integration of Splunk ES with various threat intelligence sources
Knowledge of other SIEM platforms and their architecture
Conduct proof-of-concept reviews for new security products & Splunk integration
Prepare reports, summaries, and other forms of communication that may be both internal and client-facing.
Maintain familiarity with industry trends and security best practices, such as the MITRE ATT&CK framework, that can be leveraged for customizing the Splunk ES platform for investigation and response
Work on and guide scripting in Python, Perl, Bash and/or shell
Certified in Splunk admin & Splunk ES
             
