Engineer

• Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
• Minimum of Splunk Power User Certification
• Assist in remote and on-site gap assessment of the SIEM solution
• Work on defined evaluation criteria & approach based on the Client requirement & scope factoring industry best practices & regulations
• Assist in interview with stakeholders, review documents (SOPs, Architecture diagrams etc.)
• Assist in evaluating SIEM based on the defined criteria and prepare audit reports
• Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment
• Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers
• Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
• Experience in parsing and masking of data prior to ingestion in SIEM
• Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
• Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
• Assist client with technical guidance to configure their log sources (in-scope) to be integrated to the SIEM
• Experience in SIEM content development which includes: Hands-on experience in development and customization of Splunk Apps & Add-Ons
• Builds advanced visualizations (Interactive Drilldown, Glass tables etc.)
• Build and integrate contextual data into notable events
• Experience in creating use cases under Cyber kill chain and MITRE attack framework
• Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications
• Sound knowledge in configuration of Alerts and Reports
• Good exposure in automatic lookup, data models and creating complex SPL queries
• Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
• Experience in creating custom commands, custom alert action, adaptive response actions etc.

Staff Splunk Engineer

WMS Engineer

Senior Disaster Recovery Engineer

Dynamics Engineer

Civil Project Engineer

Team Lead – Forward Deployed Engineer