Managed Services Consultant

Experience Required: 5+ years

Job Description:

We are seeking an experienced Splunk Administrator to manage and enhance our Splunk Enterprise environment. The ideal candidate will have a strong background in administration, configuration, and security use case development within Splunk.

Key Responsibilities:

• Administer the Splunk Enterprise environment including:
• Deployment of solutions
• User management and license management
• Upgrades, patch deployment, and managing log sources
• Configuration, change management, and report management
• Backup and recovery management
• Onboard new log sources and ensure efficient data ingestion.
• Develop security use cases using Splunk Enterprise Security, including:
• Construction of SIEM content for correlation rules, reports, and queries
• Manage support tickets with SIEM support and perform troubleshooting for log sources that are not sending data.
• Conduct periodic reviews of existing Splunk configurations and propose enhancements.
• Continuously develop use cases, dashboards, alerts, and reports to meet organizational needs.
• Create and implement custom correlation rules based on business requirements.
• Support audits conducted by regulators and provide relevant evidence from the SIEM solution.
• Develop parsing rules for non-standard logs.
• Configure threat feeds, Indicators of Compromise (IoCs), Sigma rules, and advisories from regulators and recognized global organizations.
• Administer the Splunk UBA environment and manage health using the Splunk UBA Monitoring App.
• Ingest CIM-compliant data, raw events, and HR data from the Splunk platform into Splunk UBA.

Qualifications:

• Minimum of 5 years of experience in Splunk administration.
• Strong understanding of SIEM tools and security practices.
• Familiarity with Splunk UBA is highly desirable.
• Excellent analytical and problem-solving skills.
• Ability to collaborate with cross-functional teams.
• Strong communication skills, both verbal and written.