Senior security specialist - Chennai, India - Lennox India Technology Centre

    Description

    The Splunk SME works as a member of the Cybersecurity Operations team. The Splunk SME serves as an escalation point for critical and complex issues, performs configuration and testing of products, assists with developing and documenting work processes, and trains other members of the team. The primary focus for this role is to act as a Subject Matter Expert for Splunk and to be able to configure, manage, operate, and administer the platform for managed SIEM.

    > Splunk Enterprise Security

    > Splunk Cloud

    > Splunk SDKs

    > Splunk knowledge objects

    > Splunk data inputs

    > Data Models

    > Splunk UBA

    > Linux

    > Splunk Certified Core Admin

    > Splunk Enterprise Security Certified Admin

    • SIEM (Splunk Enterprise Security) SME with experience in the design, implementation, and maintenance of the Splunk SIEM tool.
    • Should have good knowledge of creating incident workflows using Splunk Enterprise Security.
    • Should have good experience in configuring, supporting, and troubleshooting the Splunk SIEM tool, including integration and troubleshooting of log sources and data parsing.
    • UBA knowledge is an added advantage.
    • Monitor all systems, applications, hosts, data ingestion, forwarder status, and system health.
    • Should have experience in creating advanced security use cases mapped to frameworks (MITRE ATT&CK and the Kill Chain).
    • Should have experience in fine-tuning Splunk ESCU and Security Essentials use cases.
    • Should have experience in managing RBAC in Splunk.
    • Proficient at data onboarding activities, including custom parsing rules and building custom Technology Add-ons according to Splunk's Common Information Model (CIM).
    • Experience developing custom data models in Splunk ES.
    • Onboard data to Splunk via forwarders, scripted inputs, TCP/UDP, and modular inputs from a variety of sources.
    • Should have the ability to create custom queries and event parsers, use the SIEM tool's searching and reporting capabilities, and build custom dashboards.
    • Experience with bi-directionally integrating Splunk with a third-party ticketing system, such as ServiceNow.
    • Assist with designing and documenting
    • Minimum 6 years of Splunk administration, configuration, and management required.