We are looking for Splunk Consultant on a fulltime basis.
Job Description:
• Design, implement, and manage the Splunk infrastructure.
• Deploy and manage Splunk indexer clusters and search head clusters.
• Performing optimization of existing clustered Splunk deployments.
• Monitor operations of Splunk platform to enable proactive issue identification, response, and resolution.
• Integrate Splunk with a wide variety of legacy data sources, industry leading commercial security tools and Cloud Service provider facilities.
o Build Splunk Technology Add-ons.
o Build custom script in the following languages (Python, Bash, PowerShell, VBscripts).
o Build Splunk apps to be deployed on thousands of Splunk Universal Forwarders.
o Interact with REST API endpoints.
o Interact with RBDMS in SQL.
• Effectively and efficiently onboard data sources, create indexes and data model, create CIM compliant data mapping, establish health monitoring and KPIs.
• Manage Splunk knowledge objects (Apps, Dashboards, Saved Searches, Scheduled Searches, Alerts. etc..)
• Manage Splunk Role Based Access Control.
• Design and implement Correlation Searches in Splunk Enterprise Security.
• Maintain and extend correlation between Asset & Identity and Splunk Enterprise Security framework.
• Onboard Threat Intelligence feeds and correlate with data.
• Assist Security Analysts providing them consultancy to leverage the Splunk environment.
• Drive the operational model transformation of SecOps.
• Identify technology gaps, security gaps, develop solutions and make recommendations for continuous improvement.
Qualifications / Requirements:
• Splunk Architect or Splunk Consultant certification or proven Splunk Professional Services experience.
• At least 5 years of general work experience as Splunk Architect or higher.
• Experience in designing and implementing Security Operation Center with Splunk.
• Strong understanding of all Splunk architecture components to include search head clustering, indexer clustering, deployment server and monitoring console.
• Strong understanding of SPL.
• Strong understanding of regular expressions and data pipelines.
• Knowledge of platform and application automated deployment and version control software e.g. (Git, Terraform) within a physical environment.
• Knowledge of Security components (Firewall, WAF, Vulnerability scanners, etc…).
• Knowledge of Cloud Service Providers, preferably OCI.
• Knowledge of SOAR is highly desirable.
• Linux system administration skills, preferably RHEL.
• Windows system administration skills.
• Knowledge of Kubernetes and containerized architectures.
• Understanding of network protocols/services and network infrastructures.
• Ability to troubleshoot, diagnose and solve issues independently.
• Excellent verbal and written communication skills.
• Experience as part of a team supporting and maintaining an infrastructure.
• Calm and logical approach during a critical event.
Argyll Scott Consulting Pte Ltd
