Immediate need Splunk UEBA Architect (Splunk Enterprise Certified) - Remote at Enterprise, Utah, USA
Email: [email protected]
From:

Shobhana Kulhade,

Sydata Inc

[email protected]

Reply to:   [email protected]

Immediate need
Splunk UEBA Architect (Splunk Enterprise Certified) - Remote

Atlanta, GA 30303

24 Months

Rate: $60/hr on C2C

Splunk ES certification is mandatory (please attach a copy of the certificate along with the resume)

Detailed Job Description:

Splunk UEBA Architect (User and Entity Behavior Analytics (UEBA))

Essential Duties and Responsibilities:

Following is a summary of the essential functions for this job.  Other duties may be performed, both major and minor, which are not mentioned below.  Specific activities may change from time to time.

We are seeking candidates who can deploy and maintain the backend architecture and develop content for complex and growing Splunk infrastructures. This includes use cases for Dashboards, Reports, Alerts, as well as Splunk Apps, Technology Add-ons, and making data Common Information Model compliant. The candidate will optimize data flow using aggregation, filters, etc. The candidate will need to participate in the operation of Splunk, Splunk ES, Splunk UEBA, and Microsoft IRM.

Splunk UEBA Engineer will support:

Preparation activities to include use case workshops, requirements gathering and capacity planning.

Splunk UEBA Architecture Deployment

Data onboarding and normalization

Use case development and data visualization

Tuning of architecture, data streams, and use cases

Splunk Universal Forwarder configuration and deployment

Required Qualifications:

Bachelor's Degree in Information Technology, Cyber Security, Computer Science, Computer Engineering, or Electrical Engineering

Minimum of 3 years' experience in system integration including the design, development, enhancement of cyber systems

Minimum 5 years of experience with Splunk operations and maintenance

Must possess strong written and verbal communication skills and must be capable of understanding, documenting, communicating, and presenting technical issues in a non-technical manner to audiences with varying degrees of technical expertise.

Must have demonstrated ability to build and implement event correlation rules, logic, and content in the security information and event management system with specific experience in the Splunk platform

Must have demonstrated ability to tune SIEM event correlation rules and logic to filter out security events associated with known and well-established network behavior, known false positives and/or known errors.

Must have experience creating scheduled and ad-hoc reporting with Splunk

Must possess a thorough and in-depth understanding of SIEM technologies and event collection mechanisms in the Windows and Linux operating environments.

Demonstrated experience creating or modifying Splunk Apps/TAs using regex/sed in configuring props/transforms.

Strong understanding of Linux, Windows, Oracle, and other operating systems.

Strong Splunk SPL and dashboard building skills.

Linux networking troubleshooting skills.

Experience with security tools such as packet capture solutions, IDS/IPS, and endpoint protection software.

Experience deploying and configuring rsyslog or syslog-ng.

Certifications: Splunk Admin, Splunk Architect, or Splunk Consultant

Desired Qualifications:

Experience creating and deploying Ansible playbooks

Experience using and deploying Cribl

Experience with Exabeam or Splunk UBA

Experience maintaining an event schema with customized security severity criteria

Experience with a cloud based Splunk deployment

Experience supporting a Security Operation Center's Splunk deployment

Experience as a Security Engineer and/or Security Analyst.

Excellent problem-solving capabilities.

Splunk Architect level cert or above

AWS Administration cert or above

Thanks & Regards:

Shobhana Kulhade Sr. IT Recruiter

Sydata Inc

Email: [email protected] 

6494 Weathers Place Suite#100 San Diego, California, 92121

Website:
www.sydatainc.com 

Keywords: active directory information technology Georgia
Mon Oct 02 22:39:00 UTC 2023
