Understand the customer environment and create HLD for SIEM & SOAR implementation
Work with cross functional teams in enabling & implementing Splunk SIEM solution & log ingestion from the customer’s Security Stack.3. Enable OOB & custom use cases per customer requirement.
Good experience in Splunk Query language
Identity & implement possible automation scenarios leveraging Splunk Phantom.
Responsible Security event triage and security incidents investigations, including support for forensics analysis.
Conduct proactive threat and compromise analysis by reviewing reports to understand threat campaign(s) techniques, lateral movements, and extract indicators of compromise (IOCs).
Lead the team with accountability to ensure overall delivery requirements are met
Monitor, evaluate, and assist with the maintenance of assigned security systems in accordance with industry best practices to safeguard internal information systems and databases
Analyze a variety of network and host-based security appliance logs determine the correct remediation actions and escalation paths for each incident.
Ability to conduct packet analysis and articulate findings in order to fine-tune alerts
Conduct advanced use case development leveraging all product features (trends + variables + hierarchal architectures, Pattern Discovery)
Responsible for Security Incident Response and documentation of investigation reports
Prioritize & determine events that are relevant for immediate action,
Maintain an expert understanding of vulnerabilities, response, and mitigation strategies used to support cyber security operations
Serve as point of escalation for Level 1/2 analysts
Tune the logging from all security appliances for relevant alerting levels
Work closely with all Security Operations staff to ensure 24x7 availability.