SPECIALIST

HCLTech

  • Chennai, Tamil Nadu
  • Permanent
  • Full-time
  • 15 days ago
Job Description (Posting)

Summary - Splunk (L2): Manage SIEM Solution and Supporting Unit for HCL and its global customers.

Overall 5+ years of work experience, with a minimum of 2.5 years of relevant Splunk cloud/on-prem admin + Splunk ES admin experience.

Certifications (must)

  1) Splunk Power User
  2) Splunk Advanced Power User
  3) Splunk Admin

Certifications (optional)

  1) Splunk Architect
  2) Splunk Consultant
  3) Splunk SOAR
  4) Splunk ES Admin
  5) Splunk Cloud Admin

Responsibilities/Expected experience

  • Resources should have extensive experience of data onboarding from different data sources like network devices, IDS/IPS logs, threat intel, infrastructure logs (Windows, Linux), application logs, cloud-based applications, SaaS-based applications, database logs (SQL, Oracle etc.), proxy/web server logs, LDAP/AD, DNS logs etc.
  • Worked on log aggregation tools like Syslog-ng, rsyslog, HAProxy, Nginx etc.
  • Cloud ingestion - using Splunk forwarders, API, scripted, HEC, and applications
  • Forwarder management
  • Manipulating raw data
  • Installing and managing applications
  • Experience with Splunk apps/add-ons and how these can be used to onboard data or for CIM compatibility
  • Experience with/understanding of Splunk knowledge objects (advanced lookups, macros, field extractions, advanced alerts, reports/dashboards, tags, data models, event types etc.)
  • Experience with advanced Splunk dashboard creation using JavaScript/CSS/HTML
  • Experience troubleshooting all components and their functionality
  • Experience with summary indexes/data models/reports and their acceleration
  • Comfortable writing advanced regular expressions or modifying/tuning existing regex
  • Experience troubleshooting dashboards/alerts/reports
  • Experience with data masking, data parsing, data trimming, data filtration
  • Experience identifying data issues like timestamp issues, line break issues, search-time field extraction, index-time field extraction
  • Should have an understanding of transforming, non-transforming, and reporting commands in Splunk
  • Able to tune reports/dashboards/alerts for best performance
  • Able to resolve issues like skipped searches, indexer cluster issues, SHC issues, adding/removing cluster members, line break issues, timestamp issues
  • Experience improving performance of Splunk components (like CM, DS, search head cluster, indexer cluster)
  • Should have implemented Splunk in distributed + cluster + multisite cluster environments
  • Able to create Splunk data retention/archiving policies
  • Experience with Splunk upgrades (including Splunk agents and other components), how to secure Splunk, and how to authenticate Splunk (LDAP/AD, two-factor)
  • Should have a fair understanding of all conf files in Splunk and their use/significance
  • Should have worked on ticketing tools like ServiceNow/Remedy/Jira
  • Should have worked in a Linux/Unix environment, with experience in shell scripting
  • Basic/advanced network troubleshooting concepts/commands in a Linux/Unix environment
  • Working experience with API creation for data onboarding and a fair understanding of the Splunk API
  • Problem isolation and working with Splunk Cloud support
  • Chair daily/weekly/monthly customer meetings

Educational Qualification: Bachelor's degree or above in Computer Science, Information Technology, MIS, Engineering

  (1.) To clearly understand the client's cybersecurity environment and respective product.
  (2.) To monitor, configure, and troubleshoot cybersecurity issues and related monitoring tools.
  (3.) To analyse and validate cybersecurity incidents in detail and help the L3 team with RCA or data or logs collection.
  (4.) To enable knowledge transfer.

Qualification: B Tech

Skill (Primary): INFORMATION SECURITY-SIEM EXPERT-OTHER SIEM

foundit
