| Splunk Admin - ONSITE at Hartford, Connecticut, USA |
| Email: [email protected] |
| From: Devakar Balachandran, KK Software Associates [email protected] Reply to: [email protected] Note: Please don't share OPT, CPT, H4EAD,TN, E3 and L2 Client: TCS Location: Hartford, CT / ONSITE JD: Role name: System Administrator Role Description: Understand the customer environment and create HLD for SIEM & SOAR implementation2. Work with cross functional teams in enabling & implementing Splunk SIEM solution & logingestion from the customers Security Stack.3. Enable OOB & custom usecases per customer requirement.4. Good experience in Splunk Query language5. Identity & implement possible automation scenarios leveraging Splunk Phantom.6. Responsible Security event triage and security incidents investigations, including support forforensics analysis.7. Conduct proactive threat and compromise analysis by reviewing reports to understand threatcampaign(s) techniques, lateral movements, and extract indicators of compromise (IOCs).8. Lead the team with accountability to ensure overall delivery requirements are met9. Monitor, evaluate, and assist with the maintenance of assigned security systems in accordance withindustry best practices to safeguard internal information systems and databases10. Analyze a variety of network and host-based security appliance logs determine the correctremediation actions and escalation paths for each incident.11. Ability to conduct packet analysis and articulate findings in order to fine-tune alerts12. Conduct advanced use case development leveraging all product features (trends + variables +hierarchal architectures, Pattern Discovery)13. Responsible for Security Incident Response and documentation of investigation reports14. Prioritize & determine events that are relevant for immediate action,15. Maintain an expert understanding of vulnerabilities, response, and mitigation strategies used tosupport cyber security operations16. Serve as point of escalation for Level 1/2 analysts17. Tune the logging from all security appliances for relevant alerting levels18. Work closely with all Security Operations staff to ensure 24x7 availability. Competencies: Cyber Security Experience (Years): 4-6 Essential Skills: Security Incident investigations, Incident Response, Splunk, SIEM, SOAR, Threat Hunting Ability to perform reactive & proactive security analysis and articulate emerging threats to leadership and team Situational awareness of cyber activity by reviewing open source reporting for new vulnerabilities, malware, or other threats that have the potential to impact the organization Experience in directly working with the customer and managing customer expectations, project deliverables in coordination with onshore/nearshore/offshore team Good knowledge & working experience on Splunk administration & engineering, log management, event correlation, security incident management, SIEM & SOAR. Ability to preset a threat response for any critical incidents. Experience in defining alerts, reports and dashboards Ability to prepare reports and present risk based view to ClientsExpertise in SIEM & SOAR implementation by understanding the customer environment. 2. Team management with good Information security technical expertise and ability to frontend customer interactions 3. Experience in Security Incident Response Lifecycle 4. Experience in identifying & enabling SIEM & SOAR functionality using Splunk. 5. Experience in defining SOC monitoring usecases and operationalizing them through SOPs, and SIEM based alerts / reports. 6. Should understand the functioning of Security Technologies including EDR, Firewalls, Intrusion Prevention, Packet Capture tools, Remote access technologies etc. 7. Security incident investigations using Next-Gen AV/ EDR solutions such as CrowdStrike, MS Defender,etc 8. Experience in understanding and interpreting Threat intelligence from various external sources including validation of related IOCs in customer environment. 9. Should have good conceptual understanding of Windows, Linux operating systems & Networking TCP/IP Protocol Suite 10. Understanding of common network services (web, mail, DNS, FTP, etc.), network vulnerabilities, and network attack patternsPossess knowledge and experience in Threat Ecosystem, remediating Malware, Rootkits and Botnets 12. Strong analytical and problem solving skills 13. Good organization skills to ensure coordination and smooth hand-offs between onshore & offshore/nearshore teams 14. Strong communication (verbal and written) and interpersonal skills 15. Project Management experience with an ability to mentor the team and meet delivery objectives Desirable Skills: Certifications preferred - CISSP, GCIH, GCFA, CHFI, CEH, SEC+ Experience in custom integrations & automation. Executive briefing & reporting skills with attention to detail Country: United States Keywords: trade national microsoft Connecticut Tennessee Splunk Admin - ONSITE [email protected] |
| [email protected] View all |
| Mon Aug 19 19:42:00 UTC 2024 |