Splunk Enterprise Security

Responsibilities

• Integrating Splunk with a variety of security tools and technologies from various domains including Process control Domain/OT and Operations Domain/IT (On-prem and Splunk Cloud). • Administering/Managing the Splunk deployment for optimal performance and availability, implementing RBAC. • Developing custom Splunk add-ons for ingesting, parsing, and filtering of incoming logs. • Partnering with SOC team members to understand security requirements and objectives, implementing Splunk solutions to bolster threat detection and incident response capabilities. • Integrating different security controls and devices such as firewalls, Endpoint Detection and Response (EDR) systems, Proxy, Active Directory (AD), threat intelligence platforms etc. • Developing custom Splunk correlation searches, dashboards, and reports to identify security incidents, investigate alerts, and provide actionable insights to SOC analysts. • Developing highly efficient custom dashboards for different teams to facilitate their security risks, threat, and vulnerability investigations. • Conducting threat hunting exercises using Splunk to proactively identify and mitigate potential security threats and vulnerabilities. • Assisting in the development and refinement of SOC processes and procedures, leveraging Splunk to streamline workflows and enhance operational efficiency. • Implementing Splunk for various automations of SOC SOP workflows