Onsite Splunk System Admin at Remote, Remote, USA
Email: [email protected]
From: Shubham Choudhary, Quantum World Technologies [email protected]
Reply to: [email protected]

Job Title: Splunk System Admin
Location: Onsite (Hartford, CT)
Interview: Phone/Video

Job Description:
- Understand the customer environment and create the HLD for the SIEM & SOAR implementation.
- Work with cross-functional teams to enable and implement the Splunk SIEM solution and log ingestion from the customer's security stack.
- Enable OOB and custom use cases per customer requirement.
- Good experience in the Splunk query language.
- Identify and implement possible automation scenarios leveraging Splunk Phantom.
- Responsible for security event triage and security incident investigations, including support for forensic analysis.
- Conduct proactive threat and compromise analysis by reviewing reports to understand threat campaign techniques and lateral movement, and extract indicators of compromise (IOCs).
- Lead the team with accountability for ensuring overall delivery requirements are met.
- Monitor, evaluate, and assist with the maintenance of assigned security systems in accordance with industry best practices to safeguard internal information systems and databases.
- Analyze a variety of network- and host-based security appliance logs to determine the correct remediation actions and escalation paths for each incident.
- Ability to conduct packet analysis and articulate findings in order to fine-tune alerts.
- Conduct advanced use case development leveraging all product features (trends, variables, hierarchical architectures, Pattern Discovery).
- Responsible for security incident response and documentation of investigation reports.
- Prioritize and determine events that are relevant for immediate action.
- Maintain an expert understanding of vulnerabilities, response, and mitigation strategies used to support cyber security operations.
- Serve as point of escalation for Level 1/2 analysts.
- Tune the logging from all security appliances to the relevant alerting levels.
- Work closely with all Security Operations staff to ensure 24x7 availability.

Essential Skills:
- Expertise in SIEM & SOAR implementation based on an understanding of the customer environment.
- Team management with strong information security technical expertise and the ability to front customer interactions.
- Experience in the Security Incident Response Lifecycle.
- Experience in identifying and enabling SIEM & SOAR functionality using Splunk.
- Experience in defining SOC monitoring use cases and operationalizing them through SOPs and SIEM-based alerts/reports.
- Should understand the functioning of security technologies including EDR, firewalls, intrusion prevention, packet capture tools, remote access technologies, etc.
- Security incident investigations using next-gen AV/EDR solutions such as CrowdStrike, MS Defender, etc.
- Experience in understanding and interpreting threat intelligence from various external sources, including validation of related IOCs in the customer environment.
- Good conceptual understanding of Windows and Linux operating systems and the TCP/IP protocol suite.
- Understanding of common network services (web, mail, DNS, FTP, etc.), network vulnerabilities, and network attack patterns.
- Knowledge and experience in the threat ecosystem and in remediating malware, rootkits and botnets.
- Strong analytical and problem-solving skills.
- Good organization skills to ensure coordination and smooth hand-offs between onshore and offshore/nearshore teams.
- Strong communication (verbal and written) and interpersonal skills.
- Project management experience with an ability to mentor the team and meet delivery objectives.

Desirable Skills:
- Certifications preferred: CISSP, GCIH, GCFA, CHFI, CEH, SEC+
- Experience in custom integrations and automation.
- Executive briefing and reporting skills with attention to detail.

Unfeigned Regards,
Shubham Chaudhary
Technical Recruiter
[email protected]
linkedin.com/in/shubham-choudhary-816b00236
Quantum World Technologies Inc.
4281 Katella Ave, Suite #102, Los Alamitos, CA 90720, USA
Fri Nov 15 01:54:00 UTC 2024