Hello
Greetings from E-IT
Role: Splunk L3 SOC Analyst
Location: Iselin NJ (Day 1 Onsite)
Hire Type: Contract
Persistent Systems
What you’ll do
- Deployment and configuration of Splunk platform (Enterprise) / Splunk Cloud.
- Demonstrate Splunk Core capabilities to prospective clients.
- Optimize Splunk platform architecture for large-scale and distributed deployments.
- Adopt best practices and development standards, deploying the same.
· Develop and fine-tune Splunk security monitoring rules along with writing Splunk Alert Detection Strategy (ADS) templates
- Develop and customize Splunk apps and dashboards, building advanced visualizations.
- Analyzing and triaging security alerts generated by the SOC tools, making informed decisions on the appropriate response.
- Responding to security incidents, taking appropriate actions to contain, mitigate, and remediate security threats.
- Collaborating with other members of the SOC team, as well as internal and external stakeholders, to resolve complex security incidents.
- Keeping up to date with the latest cybersecurity threats, trends, and technologies to improve the efficiency and effectiveness of incident response.
- Documenting security incidents, responses, and related information in accordance with established procedures.
- Mentoring and training lower-level SOC technicians on the use of the SOC tools and incident response best practices
Expertise you’ll bring
- Good understanding cyber-attack methods and tactics to perform advanced analysis of security logs in order to detect unauthorized behavior
- Execute incident response process when a security incident has been declared. Maintain logs related to network functions, as well as maintenance and repair records. Document and present findings to management suitable for customer
- Administering Production Systems with Splunk platform and multiple data sources (Metrics, Windows sources, HEC, etc.).
- Good knowledge on administering splunk indexer clusters, search head clustering, maintaining KVStores, maintain macros and views. Must have working knowledge of an enterprise log management tool. Knowledge on splunk .conf files, administering splunk on Linux systems, splunk data retention policies. Splunk log source integration.
- Execute migration/upgrade for Splunk platform.
- Perform in-depth diagnostic of security incidents, identifying root causes and updating security incident reports with detailed RCA aligned with NIST and ISO27001
- Document resolved issues effectively for knowledge management.
- Cross-train peers on tool usage and assist in creating best practices.
- Work independently on multiple assignments, proactively prioritizing focus and effort.
- Hands-on knowledge of Deployment, Administration, and Development of the Splunk Enterprise and Cloud platform.
- Implement and maintain Splunk platform infrastructure and configuration.
- Provide day-to-day operational and user support.
- Execute new projects, data, and user onboarding.
- Integrate other tools like JIRA, ServiceNow, Jenkins, AWS, IBM QRadar, PowerBI, etc., with Splunk using 3rd party apps.
- Proficient in writing SPL queries for security event monitoring & alerting, advanced threat hunting including fine tuning queries for performance / false-positives and writing new queries for coverage against MITRE
- Experience in advanced-level dashboarding, scheduled jobs, Data models, Lookups, and other knowledge objects.
- Experience in performance optimization of existing dashboards, reports, and alerts.
- Experience in MLTK, DB Connect Apps, and proficiency in at least one scripting tool (Python / Shell).
Regards,
Abdul Mazeed – Senior Executive
E-IT Professionals Corp
17199 N Laurel Park Dr. Ste 402, Livonia, MI 48152
Direct: (734) 619-7601 | Abdul@eitprofessionals.com |Fax: (734) 416-0010
linkedin.com/in/abdul-mazeed-a75081185
www.eitprofessionals.com