Job Description

6.00 to 14.00 Years
PUNE [India]
Associate / Security Consultant – Splunk SIEM

Experience: 6+ years of experience
Job Location: Pune
Willingness to work in a 24x7 shift environment (as required)

Roles & Responsibilities:

• Should have good hands-on experience with and understanding of Splunk queries.
• Should have experience with dashboards, reports, data models, tags, field aliases, etc.
• Should have good experience in Splunk system administration (Splunk UF, HF, indexer, KV store).
• Should have an understanding and practical knowledge of SOC processes, incident handling and response, etc.
• Should be able to guide a team of L1 team members to perform deep dive analysis and help them with SOPs.
• Determine methods and procedures for solving very complex technical issues encompassing hardware, software and network equipment.
• Perform a deep dive analysis and provide resolution to the issues escalated by the L1 team.
• Work with different teams and coordinate the incident handling and response.
• Guide the L1 team in case of critical security detection.
• Perform proactive threat hunting based on the latest threats and IOCs (example: Maze ransomware).
• Work on publishing security advisories (example: from NIST, CERT) to different stakeholders and follow up until closure.
• Identify the zero day attacks and work with different teams to mitigate the issue with the Golden hour principle.
• Work on providing reports and updates on a weekly and monthly basis.
• Review the work done by the L1 team members and ensure the KPIs, PIs and SLAs are followed.
• Understanding of Splunk architecture:
- Knowledge about various components (indexer, forwarder, search head, deployment server).
• Heavy and Universal forwarder.
- Complete understanding of installation and configuration of all Splunk components.
• Hot, Warm, Cold, Frozen bucketing.
- Using IFX, rex command and regex in configuration files.
• Knowledge of EXTRACT keyword, sed.
- Knowledge of various search commands like stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc.
• Should be proficient in writing Splunk queries and onboarding various Splunk Apps.
• Creating correlation rule / search, dashboards, reports using XML.
- Create dashboard from search.
- Inline search vs scheduled search in a dashboard.
• Develop various types of charts.
- Knowledge of Splunk apps, users and role access permissions.
• Use techniques to optimize searches for better performance.
- Search time vs index time field extraction.
- Summary indexing.
- Performance evaluation and optimization for Splunk instances.
- Understanding of configuration files, precedence and working.
- props.conf, transforms.conf, inputs.conf, outputs.conf
- Load balancing of forwarders and indexers.
• Perform maintenance & upgrades of Splunk indexers, search heads, forwarders and deployment servers.
• Hands-on experience in providing operational SOC support, performing L2/L3 level analysis of logged SOC alerts. SIEM Tool (Splunk)
• Experience in SIEM (Splunk) setup and implementation on different platforms like Linux, Windows and Cloud.
• A