Senior Citrix Engineer
Labcorp
Citrix
Staff Splunk Engineer
EY
full-time
Posted on:
Location Type: Remote
Location: Remote • 🇮🇳 India
Visit company websiteJob Level
Lead
Tech Stack
JavaScriptLinuxSplunk
About the role
- Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
- Minimum of Splunk Power User Certification
- Assist in remote and on-site gap assessment of the SIEM solution
- Work on defined evaluation criteria & approach based on the Client requirement & scope factoring industry best practices & regulations
- Assist in interview with stakeholders, review documents (SOPs, Architecture diagrams etc.)
- Assist in evaluating SIEM based on the defined criteria and prepare audit reports
- Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment
- Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers
- Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
- Experience in parsing and masking of data prior to ingestion in SIEM
- Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
- Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
- Assist client with technical guidance to configure their log sources (in-scope) to be integrated to the SIEM
- Experience in SIEM content development which includes: Hands-on experience in development and customization of Splunk Apps & Add-Ons
- Builds advanced visualizations (Interactive Drilldown, Glass tables etc.)
- Build and integrate contextual data into notable events
- Experience in creating use cases under Cyber kill chain and MITRE attack framework
- Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications
- Sound knowledge in configuration of Alerts and Reports
- Good exposure in automatic lookup, data models and creating complex SPL queries
- Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
- Experience in creating custom commands, custom alert action, adaptive response actions etc.
Requirements
- Minimum of 3 years’ experience in Splunk
- 3 to 5 years of overall experience
- Knowledge in Operating System and basic network technologies
- Experience in SOC as L1/L2 Analyst will be an added advantage
- Strong oral, written and listening skills
- Good to have knowledge of Vulnerability Management, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting
- Certification in any other SIEM Solution such as IBM QRadar, Exabeam, Securonix will be an added advantage
- Certifications in a core security related discipline (CEH, Security+, etc.) will be an added advantage.
Benefits
- Competitive salary
- Flexible working hours
- Professional development budget
- Home office setup allowance
- Global team events
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
Splunk EnterpriseSplunk Enterprise SecuritySplunk UEBASIEMSPLCSSJavaScriptHTMLXMLCommon Information Model (CIM)
Soft skills
strong oral skillsstrong written skillslistening skillsconsultingtechnical guidance
Certifications
Splunk Power User CertificationCEHSecurity+IBM QRadarExabeamSecuronix
