1. Must have 5 years of experience as a network analyst and SIEM SME evaluating customers' networks and security methodologies, including:
- Sniffer or other traffic analysis tools to identify network and security protocols
- Expert-level use of the Splunk query language to mine data across a 3000+ server environment (mixed, 80% Windows and 20% Linux, including RHEL)
- Splunk ES and Splunk Phantom
- Splunk Enterprise Security experience
- Azure and Splunk in Azure experience is a plus
2. Must have previous experience with:
- Network protocol analysis
- Splunk query language
- Identification of IP and security protocols
- Solid documentation and reporting skills
- Self-starter with excellent time management
3. Must have previous experience in a security operations, incident management, or command center environment, including:
- Breaking down and integrating various log and data sources into a SIEM
- Developing reports and dashboards that align with the compliance and security goals of the organization
- Analyzing gathered data and correlating protocol, server configuration, and the identity of the corresponding application
- Establishing and documenting standards, workflows, and processes for the project
- The following security certifications are recommended: CISSP, CISM, GSEC, GIAC, GPEN
4. Must be able to communicate progress and results effectively with network, server, and application teams