SPLUNK LEAD

Job Description

• 8+ years of extensive experience in Security Information and Event Management with Strong Understanding of Cyber Security and Risk Management
• Extensive experience on Building Advisory, Cyber Security Use Cases and Correlations rules based on Threats, Event, Applications, Database and target assets.
• Lead and executed multiple SOC project engagements and helped clients worldwide in establishing and strengthening their security practice.
• High level of expertise in security implementation/SI project execution across various security tool/technology.
• Enterprise Security planning, Implementation and administration of Security solutions.
• Security Consultant in Global security operation centre and responsible for providing Security monitoring & threat management Solutions.
• Implementing cyber security centre and defining SOC process framework using various SIEM tools (HP Arc Sight, RSA envision, IBM Q-radar, Splunk, RSA Security Analytics, Net witness). Splunk is Must.
• Multiple threat intelligence source driven analysis & investigation. Leveraging multiple GTI feeds to outline complex & advanced use cases for threat and breach detection.
• Threat analysis & Incident response management to ensure timely and effective incident closure.
• Internal security controls review & risk assessment. Define security policy & controls based on security attack pathologies and business requirements.
• Familiarity with security regulatory requirements and standards (such as NIST 800 series, ITU, ITIL, PCI and ISO 27001)
• Advanced knowledge and experience with the multiple operating systems (Windows, *nix, OSX, VMware, IOS and other infrastructure device OS)
• Advanced experience with security technologies including Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, SIEM, Network Behavior Analysis tools, Antivirus, and Network Packet Analyzers, and Malware analysis and forensics tools
• Advanced knowledge of the TCP and IP protocol suite, security architecture, and remote access security techniques and products
• Platform Management & Configuration management of various security tools such as SIEM, Firewall, IPSIDS, Antivirus, DLP, Vulnerability Management, and Identity and access management.
• Splunk : Implementation , Integration , Administration, Architectural Knowledge and Monitoring
• Working knowledge and experience integrating Telecomm Applications with SIEM Technologies.
• Experience of integration with multiple external technologies e.g. Incident Management, CMDB (Remedy, Service Desk), PAM, IDAM, VM, Third party applications.
• Strong Understanding and working experience of SDLC include SIT, UAT and NFT. Execution experience of Performance testing.
• Defining integration approaches and creating interface documentation, Test cases for SIT, UAT and NFT.
• Technology Landscape, Education and Certification
• SIEM --> Splunk Core, Enterprise Security, FortiSIEM(accelops), HP Arc Sight, RSA envision, IBM Q-radar, RSA Security Analytics, Net witness.
• Threat Analytics - - >RSA ECAT, FTK ,Sandboxes,
• File Integrity Monitoring --> Tripwire File Integrity Monitoring,.
• Threat Intelligence - -> RSA Live, IBM xpose, HP Repsm and other GTI intelligence.
• Strong understating of Defense in Depth Architecture and security technology used at each layer.
• Splunk Certified Professional
• Bachelor of Technology in I.T. Key Skills: 8+ years of extensive experience in Security Information and Event Management with Strong Understanding of Cyber Security and Risk Management
• Extensive experience on Building Advisory, Cyber Security Use Cases and Correlations rules based on Threats, Event, Applications, Database and target assets.
• Lead and executed multiple SOC project engagements and helped clients worldwide in establishing and strengthening their security practice.
• High level of expertise in security implementation/SI project execution across various security tool/technology.
• Enterprise Security planning, Implementation and administration of Security solutions.
• Security Consultant in Global security operation centre and responsible for providing Security monitoring & threat management Solutions.
• Implementing cyber security centre and defining SOC process framework using various SIEM tools (HP Arc Sight, RSA envision, IBM Q-radar, Splunk, RSA Security Analytics, Net witness). Splunk is Must.
• Multiple threat intelligence source driven analysis & investigation. Leveraging multiple GTI feeds to outline complex & advanced use cases for threat and breach detection.
• Threat analysis & Incident response management to ensure timely and effective incident closure.
• Internal security controls review & risk assessment. Define security policy & controls based on security attack pathologies and business requirements.
• Familiarity with security regulatory requirements and standards (such as NIST 800 series, ITU, ITIL, PCI and ISO 27001)
• Advanced knowledge and experience with the multiple operating systems (Windows, *nix, OSX, VMware, IOS and other infrastructure device OS)
• Advanced experience with security technologies including Intrusion Detection & Prevention Systems (IDS/IPS), Firewalls & Log Analysis, SIEM, Network Behavior Analysis tools, Antivirus, and Network Packet Analyzers, and Malware analysis and forensics tools
• Advanced knowledge of the TCP and IP protocol suite, security architecture, and remote access security techniques and products
• Platform Management & Configuration management of various security tools such as SIEM, Firewall, IPSIDS, Antivirus, DLP, Vulnerability Management, and Identity and access management.
• Splunk : Implementation , Integration , Administration, Architectural Knowledge and Monitoring
• Working knowledge and experience integrating Telecomm Applications with SIEM Technologies.
• Experience of integration with multiple external technologies e.g. Incident Management, CMDB (Remedy, Service Desk), PAM, IDAM, VM, Third party applications.
• Strong Understanding and working experience of SDLC include SIT, UAT and NFT. Execution experience of Performance testing.
• Defining integration approaches and creating interface documentation, Test cases for SIT, UAT and NFT.
• Technology Landscape, Education and Certification
• SIEM --> Splunk Core, Enterprise Security, FortiSIEM(accelops), HP Arc Sight, RSA envision, IBM Q-radar, RSA Security Analytics, Net witness.
• Threat Analytics - - >RSA ECAT, FTK ,Sandboxes,
• File Integrity Monitoring --> Tripwire File Integrity Monitoring,.
• Threat Intelligence - -> RSA Live, IBM xpose, HP Repsm and other GTI intelligence.
• Strong understating of Defense in Depth Architecture and security technology used at each layer.
• Splunk Certified Professional
• Bachelor of Technology in I.T.

Keyskills :
managementdocumentationadministrationrisktestingonfigurationassessment