Us Citizen
Green Card
EAD (OPT/CPT/GC/H4)
H1B Work Permit
Corp-Corp
Consulting/Contract
UG : Not Required
PG : Not Required
No of positions : 1
Posted : 27th Nov 2020
Splunk L3 Consultant in the location below.
Location : Frisco, Texas
*Position is Remote until COVID situation gets better*
Passed Trainings/Certification level – MUST :
Job Descriptions:
As a Splunk Platform Engineer, your responsibility will be to get all the agreed data from the technology or application in scope and to make sure that data is received by our SIEM solution with all of its important attributes.
Excellent communication skills are mandatory for this type of task, as a lot of engagement with internal customers happens on a daily basis. You will be responsible for mapping data according to the CIM and according to the use-case development requirements. You will design the structure of use cases together with the customers and act as a subject matter expert for the customers being on-boarded to the SOC.
Essential Knowledge, Skills and Experience
Understanding of Splunk architecture components, including search head clustering, indexer clustering, deployment server and monitoring console
Understanding of configuration files and the relationship between GUI configuration and the backend configuration files it affects
Experience with different techniques for onboarding data into Splunk, such as agent-based or agentless inputs
Understanding of the difference between Universal Forwarders and Heavy Forwarders
Understanding of SPL is a benefit
Understanding of CIM is a must
Experience mapping data to CIM data models, normalizing data, etc.
Understanding of error messages and logs displayed by various software
Ability to troubleshoot, diagnose and solve issues independently
Self-learner, with the ability to document learning as experience is gained
Understanding of network protocols and topologies
Strong technical troubleshooting and analytical skills
Experience with platform and application automated deployment and version control software, e.g. Ansible, Git, Bitbucket
Ability to fix platform-related issues independently
Ensure the platform is stable and avoid any downtime
Understanding of device and security logs, and able to extract data from logs using regular expressions
Good hands-on exposure to SOAR platforms like Siemplify, Demisto, Phantom, Ansible
Excellent understanding of the security incident detection and remediation workflow
Hands-on experience writing custom scripts for task automation
Experience integrating tools with a SOAR platform
Experience designing and creating workflows in a SOAR platform
Knowledge of the MITRE ATT&CK framework is a plus
Ability to prioritise workload
Excellent written and spoken English
Calm and logical approach