Salary: Not disclosed
Main Skills/Qualification: Any PG
Experience: 6-14
Associate / Security Consultant – Splunk SIEM
Experience: 6+ years of experience
Job Location: Pune
Willingness to work in a 24x7 shift environment (as required)
Roles & Responsibilities:
• Should have good hands-on experience with, and understanding of, Splunk queries.
• Should have experience with dashboards, reports, data models, tags, field aliases, etc.
• Should have good experience in Splunk system administration (Splunk UF, HF, indexer, KV store).
• Should have an understanding and practical knowledge of SOC processes, incident handling and response, etc.
• Should be able to guide a team of L1 team members to perform deep-dive analysis and help them with SOPs.
• Determine methods and procedures for solving very complex technical issues encompassing hardware, software and network equipment.
• Perform deep-dive analysis and provide resolution for the issues escalated by the L1 team.
• Work with different teams and coordinate incident handling and response.
• Guide the L1 team in case of a critical security detection.
• Perform proactive threat hunting based on the latest threats and IOCs (example: Maze ransomware).
• Work on publishing security advisories (for example from NIST or CERT) to different stakeholders and follow up until closure.
• Identify zero-day attacks and work with different teams to mitigate the issue according to the golden hour principle.
• Work on providing reports and updates on a weekly and monthly basis.
• Review the work done by the L1 team members and ensure the KPIs, PIs and SLAs are followed.
• Understanding of Splunk architecture:
Ø Knowledge of the various components (indexer, forwarder, search head, deployment server).
Ø Heavy and universal forwarders.
Ø Complete understanding of the installation and configuration of all Splunk components.
Ø Hot, warm, cold and frozen bucketing.
• Using IFX, the rex command and regex in configuration files.
• Knowledge of the EXTRACT keyword and sed.
• Knowledge of various search commands such as stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc.
• Should be proficient in writing Splunk queries and onboarding various Splunk apps.
• Creating correlation rules/searches, dashboards and reports using XML:
Ø Create a dashboard from a search.
Ø Inline search vs. scheduled search in a dashboard.
• Develop various types of charts.
• Knowledge of Splunk apps, users and role access permissions.
• Use techniques to optimize searches for better performance:
Ø Search-time vs. index-time field extraction.
Ø Summary indexing.
Ø Performance evaluation and optimization of Splunk instances.
Ø Understanding of configuration files, their precedence and how they work.
Ø props.conf, transforms.conf, inputs.conf, outputs.conf.
Ø Load balancing of forwarders and indexers.
• Perform maintenance and upgrades of Splunk indexers, search heads, forwarders and deployment servers.
• Hands-on experience in providing operational SOC support, performing L2/L3-level analysis of logged SOC alerts in the SIEM tool (Splunk).
• Experience in SIEM (Splunk) setup and implementation on different platforms such as Linux, Windows and cloud.