Responsibilities
- Design, implement, and manage the Splunk infrastructure.
- Deploy and manage Splunk indexer clusters and search head clusters.
- Optimize existing clustered Splunk deployments.
- Monitor operations of Splunk platform to enable proactive issue identification, response, and resolution.
- Integrate Splunk with a wide variety of legacy data sources, industry-leading commercial security tools, and Cloud Service Provider facilities.
- Build Splunk Technology Add-ons.
- Build custom scripts in the following languages: Python, Bash, PowerShell, VBScript.
- Build Splunk apps to be deployed on thousands of Splunk Universal Forwarders.
- Interact with REST API endpoints.
- Interact with RDBMSs using SQL.
- Effectively and efficiently onboard data sources, create indexes and data models, create CIM-compliant data mappings, and establish health monitoring and KPIs.
- Manage Splunk knowledge objects (apps, dashboards, saved searches, scheduled searches, alerts, etc.).
- Manage Splunk Role-Based Access Control (RBAC).
- Design and implement Correlation Searches in Splunk Enterprise Security.
- Maintain and extend the Asset &amp; Identity framework in Splunk Enterprise Security and its correlation with event data.
- Onboard Threat Intelligence feeds and correlate them with event data.
- Assist Security Analysts, providing consultancy on how to leverage the Splunk environment.
- Drive the operational model transformation of SecOps.
- Identify technology and security gaps, develop solutions, and make recommendations for continuous improvement.
Skills Requirements
- Bachelor’s degree in Engineering/Information Technology/Computer Science.
- Splunk Architect or Splunk Consultant certification or proven Splunk Professional Services experience.
- 6-10 years of experience in the relevant field.
- Experience in designing and implementing a Security Operations Center with Splunk.
- Strong understanding of all Splunk architecture components, including search head clustering, indexer clustering, deployment server, and monitoring console.
- Strong understanding of SPL (Splunk Search Processing Language).
- Strong understanding of regular expressions and data pipelines.
- Knowledge of automated deployment and version control tooling for platforms and applications (e.g. Git, Terraform) within a physical environment.
- Knowledge of security components (firewalls, WAFs, vulnerability scanners, etc.).
- Knowledge of Cloud Service Providers, preferably OCI.
- Knowledge of SOAR is highly desirable.
- Linux system administration skills, preferably RHEL.
- Windows system administration skills.
- Knowledge of Kubernetes and containerized architectures.
- Understanding of network protocols, services, and network infrastructure.
- Ability to troubleshoot, diagnose, and resolve issues independently.
- Excellent verbal and written communication skills.
- Experience as part of a team supporting and maintaining an infrastructure.
- Calm and logical approach during a critical event.