• We are seeking an experienced Splunk Enterprise Security (ES) professional with expertise in Splunk ES architecture.
Responsibilities
• Integrating Splunk with a variety of security tools and technologies from various domains, including the Process Control Domain (OT) and the Operations Domain (IT), both on-premises and in Splunk Cloud.
• Administering and managing the Splunk deployment for optimal performance and availability, including implementing role-based access control (RBAC).
• Developing custom Splunk add-ons for ingesting, parsing, and filtering of incoming logs.
• Partnering with SOC team members to understand security requirements and objectives, implementing Splunk solutions to bolster threat detection and incident response capabilities.
• Integrating different security controls and devices such as firewalls, Endpoint Detection and Response (EDR) systems, Proxy, Active Directory (AD), threat intelligence platforms etc.
• Developing custom Splunk correlation searches, dashboards, and reports to identify security incidents, investigate alerts, and provide actionable insights to SOC analysts.
• Developing highly efficient custom dashboards for different teams to support their security risk, threat, and vulnerability investigations.
• Conducting threat hunting exercises using Splunk to proactively identify and mitigate potential security threats and vulnerabilities.
• Assisting in the development and refinement of SOC processes and procedures, leveraging Splunk to streamline workflows and enhance operational efficiency.
• Implementing Splunk automations for SOC standard operating procedure (SOP) workflows.
Requirements
• Design and implementation of Splunk ES architecture
• Integration with security tools and technologies
• Security monitoring and incident response
• Security analytics and reporting
• Collaboration and communication
• Implementation and management of Splunk Enterprise Security, including migration and scaling of the Splunk environment from Windows to Linux to enhance performance, reliability, and availability
• Implementation and integration of a SOAR platform (Splunk Phantom) and User Behavior Analytics (Splunk UBA/UEBA) with the existing Splunk infrastructure, supporting and enhancing operations with automation wherever possible