Job Description

Splunk Enterprise Security


Job Code : 12608
Experience : 5-8 Years
Location : Hyderabad

• We are seeking an experienced Splunk Enterprise Security (ES) engineer with expertise in Splunk ES architecture.

Responsibilities
• Integrating Splunk with a variety of security tools and technologies across the process control domain (OT) and the operations domain (IT), on-prem and in Splunk Cloud.
• Administering and managing the Splunk deployment for optimal performance and availability, including implementing role-based access control (RBAC).
• Developing custom Splunk add-ons for ingesting, parsing, and filtering incoming logs.
• Partnering with SOC team members to understand security requirements and objectives, and implementing Splunk solutions that strengthen threat detection and incident response capabilities.
• Integrating security controls and devices such as firewalls, Endpoint Detection and Response (EDR) systems, proxies, Active Directory (AD), and threat intelligence platforms.
• Developing custom Splunk correlation searches, dashboards, and reports to identify security incidents, investigate alerts, and provide actionable insights to SOC analysts.
• Developing efficient custom dashboards for different teams to support their investigations of security risks, threats, and vulnerabilities.
• Conducting threat hunting exercises in Splunk to proactively identify and mitigate potential security threats and vulnerabilities.
• Assisting in the development and refinement of SOC processes and procedures, using Splunk to streamline workflows and improve operational efficiency.
• Using Splunk to automate SOC SOP workflows.
Requirements
• Design and implementation of Splunk ES architecture
• Integration with security tools and technologies
• Security monitoring and incident response
• Security analytics and reporting
• Collaboration and communication

Implementation and management of Splunk Enterprise Security, including migration and scaling of the Splunk environment from Windows to Linux, and improving its performance, reliability, and availability.

Implementation and integration of a SOAR platform (Splunk Phantom) and User Behavior Analytics (Splunk UBA/UEBA) with the existing Splunk infrastructure, supporting and enhancing operations with automation wherever possible.