SIEM Infrastructure administration
. Perform SIEM health checks
. Monitor SIEM server storage, CPU and memory usage and take the necessary action
. Perform SIEM version upgrades
. Update Splunk configurations based on security advisories
. SIEM infrastructure tuning and performance optimization
  o Monitor SIEM data sources proactively to identify issues in the environment (e.g. indexer cluster / search head cluster issues, etc.)

SIEM Data onboarding
. Data onboarding (including first-level assessment and UAT testing before going live)
  o Integration of numerous log sources, including servers (Windows & Linux), network devices and security tools such as NAC, PAM, NBAD, IPS, DAM, DLP, AV, etc.
. Data parser and CIM mapping configuration

SIEM Use Case Development
. Fine-tune existing use cases
. Build new use cases

SIEM Troubleshooting and Splunk server reconciliation
. Troubleshoot, investigate and remediate identified SIEM issues
. Monitor and troubleshoot servers that have stopped reporting
. Troubleshoot issues with search scheduler management
. Search head tuning and optimization, for skipped searches, failed jobs, search scheduling, etc.
. Liaise with IT support groups & service providers to resolve outstanding issues such as log onboarding (e.g. HF-related issue - Core team; source-related issue - Cyber team to coordinate)
. Reconcile Splunk servers periodically

SIEM Documentation
. Prepare/update SIEM tool SOPs
. Update Splunk build documents whenever there are changes to the Splunk deployment architecture
. Prepare/update the Splunk guide for agent installations
EA Number: 11C4879
Job ID: 138902127