Splunk UEBA Architect -- Atlanta, GA at Atlanta, Georgia, USA
Email: [email protected]
From: Maroju, Softcomsystems [email protected]
Reply to: [email protected]

Hi,

Hope you are doing good. This is Teja from Softcom System. We have the below urgent requirements. Please find the below JD and share your interest.

Role: Splunk UEBA Architect
Location: Atlanta, GA

Detailed Job Description: Splunk UEBA Architect

Essential Duties and Responsibilities:
Following is a summary of the essential functions for this job. Other duties may be performed, both major and minor, which are not mentioned below. Specific activities may change from time to time.

We are seeking candidates who can deploy and maintain the backend architecture and develop content for complex and growing Splunk infrastructures. This includes use cases for Dashboards, Reports, Alerts, as well as Splunk Apps, Technology Add-ons, and making data Common Information Model compliant. The candidate will provide optimization of data flow using aggregation, filters, etc. The candidate will need to participate in the operation of Splunk and Splunk ES, Splunk UEBA and Microsoft IRM.

Splunk UEBA Engineer will support:
- Preparation activities to include use case workshops, requirements gathering and capacity planning
- Splunk UEBA Architecture Deployment
- Data onboarding and normalization
- Use case development and data visualization
- Tuning of architecture, data streams, and use cases
- Splunk Universal Forwarder configuration and deployment

Required Qualifications:
- Bachelor's Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering
- Minimum of 3 years' experience in system integration including the design, development, enhancement of cyber systems
- Minimum 5 years of experience with Splunk operations and maintenance
- Must possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise
- Must have demonstrated ability to build and implement event correlation rules, logic, and content in the security information and event management system with specific experience in the Splunk platform
- Must have demonstrated ability to tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors
- Must have experience creating scheduled and ad-hoc reporting with Splunk
- Must possess a thorough and in-depth understanding of SIEM technologies and event collection mechanisms in the Windows and Linux operating environments
- Demonstrated experience creating or modifying Splunk Apps/TAs using regex/sed in configuring props/transforms
- Strong understanding of Linux, Windows, Oracle, and other operating systems
- Strong Splunk SPL and dashboard building skills
- Linux networking troubleshooting skills
- Experience with security tools such as packet capture solutions, IDS/IPS, and endpoint protection software
- Experience deploying and configuring rsyslog or syslog-ng

Certifications: Splunk Admin, Splunk Architect, or Splunk Consultant

Desired Qualifications:
- Experience creating and deploying Ansible playbooks
- Experience using and deploying Cribl
- Experience with Exabeam or Splunk UBA
- Experience maintaining an event schema with customized security severity criteria
- Experience with a cloud-based Splunk deployment
- Experience supporting a Security Operation Center's Splunk deployment
- Experience as a Security Engineer and/or Security Analyst
- Excellent problem-solving capabilities
- Splunk Architect level cert or above
- AWS Administration cert or above

Keywords: active directory Georgia
Wed Sep 06 22:18:00 UTC 2023