| Splunk Admin _ Hartford, CT at Hartford, Connecticut, USA |
| Email: [email protected] |
| From: Jessica, Siriinfo [email protected] Reply to: [email protected] Greetings, We have the below requirement with our client. Kindly go through the JD below and let me know your interest Role name: System Administrator Hartford, CT Duration : Contract Role Description: Understand the customer environment and create HLD for SIEM & SOAR implementation 2. Work with cross functional teams in enabling & implementing Splunk SIEM solution & logging estion from the customers Security Stack. 3. Enable OOB & custom use cases per customer requirement. 4. Good experience in Splunk Query language 5. Identity & implement possible automation scenarios leveraging Splunk Phantom. 6. Responsible Security event triage and security incidents investigations, including support for forensics analysis. 7. Conduct proactive threat and compromise analysis by reviewing reports to understand threat campaign(s) techniques, lateral movements, and extract indicators of compromise (IOCs). 8. Lead the team with accountability to ensure overall delivery requirements are met 9. Monitor, evaluate, and assist with the maintenance of assigned security systems in accordance with industry best practices to safeguard internal information systems and databases 10. Analyze a variety of network and host-based security appliance logs determine the correct remediation actions and escalation paths for each incident. 11. Ability to conduct packet analysis and articulate findings in order to fine-tune alerts 12. Conduct advanced use case development leveraging all product features (trends + variables +hierarchal architectures, Pattern Discovery) 13. Responsible for Security Incident Response and documentation of investigation reports 14. Prioritize & determine events that are relevant for immediate action, 15. Maintain an expert understanding of vulnerabilities, response, and mitigation strategies used to support cyber security operations 16. Serve as point of escalation for Level 1/2 analysts 17. Tune the logging from all security appliances for relevant alerting levels18. Work closely with all Security Operations staff to ensure 24x7 availability. Competencies: Cyber Security Experience (Years):4-6 Essential Skills: Security Incident investigations, Incident Response, Splunk, SIEM, SOAR, Threat Hunting Ability to perform reactive & proactive security analysis and articulate emerging threats to leadership and team Situational awareness of cyber activity by reviewing open source reporting for new vulnerabilities, malware, or other threats that have the potential to impact the organization Experience in directly working with the customer and managing customer expectations, project deliverables in coordination with onshore/nearshore/offshore team Good knowledge & working experience on Splunk administration & engineering, log management, event correlation, security incident management, SIEM & SOAR. Ability to present a threat response for any critical incidents. Experience in defining alerts, reports and dashboards Ability to prepare reports and present risk based view to Clients Expertise in SIEM & SOAR implementation by understanding the customer environment. 2. Team management with good Information security technical expertise and ability to frontend customer interactions 3. Experience in Security Incident Response Lifecycle 4. Experience in identifying & enabling SIEM & SOAR functionality using Splunk. 5. Experience in defining SOC monitoring use cases and operationalizing them through SOPs, and SIEM based alerts / reports. 6. Should understand the functioning of Security Technologies including EDR, Firewalls, Intrusion Prevention, Packet Capture tools, Remote access technologies etc. 7. Security incident investigations using Next-Gen AV/ EDR solutions such as CrowdStrike, MS Defender , etc 8. Experience in understanding and interpreting Threat intelligence from various external sources including validation of related IOCs in customer environment. 9. Should have good conceptual understanding of Windows, Linux operating systems & Networking TCP/IP Protocol Suite 10. Understanding of common network services (web, mail, DNS, FTP, etc.), network vulnerabilities, and network attack patterns Possess knowledge and experience in Threat Ecosystem, remediating Malware, Rootkits and Botnets 12. Strong analytical and problem solving skills 13. Good organization skills to ensure coordination and smooth hand-offs between onshore & offshore/nearshore teams 14. Strong communication (verbal and written) and interpersonal skills 15. Project Management experience with an ability to mentor the team and meet delivery objectives Desirable Skills: Certifications preferred CISSP, GCIH, GCFA, CHFI, CEH, SEC+ Experience in custom integrations & automation. Executive briefing & reporting skills with attention to detail Best Regards, Jessica|Sr Technical Recruiter| Email: [email protected] Keywords: golang microsoft Connecticut Splunk Admin _ Hartford, CT [email protected] |
| [email protected] View all |
| Wed Aug 28 01:01:00 UTC 2024 |