Key Responsibilities:
- Design and architect Splunk-based SIEM solutions to meet organizational security requirements.
- Lead the deployment and configuration of Splunk Enterprise and Splunk Enterprise Security (ES).
- Define and implement data onboarding strategies for various log sources including servers, network devices, cloud platforms, and applications.
- Develop and maintain Splunk architecture documentation including data flow diagrams, integration points, and system dependencies.
- Collaborate with SOC, incident response, and IT teams to ensure effective threat detection and response capabilities.
- Establish best practices for Splunk performance tuning, indexing strategies, and data retention policies.
- Design and implement correlation rules, dashboards, and alerts to support security operations.
- Ensure compliance with regulatory requirements by enabling audit logging and reporting capabilities.
- Evaluate and integrate third-party tools and technologies with Splunk to enhance SIEM capabilities.
- Provide guidance and mentorship to Splunk administrators and analysts on architecture and design principles.
- Stay current with industry trends and emerging technologies in SIEM and cybersecurity.
Required Skills:
- Strong expertise in Splunk platform and its components.
- Experience with Splunk Enterprise Security (ES).
- Proficiency in SPL (Search Processing Language) for creating dashboards, alerts, and reports.
- Familiarity with security operations, incident response, and threat detection.
- Ability to onboard and integrate various data sources into Splunk.
- Knowledge of log management, parsing, and normalization techniques.
- Understanding of compliance requirements and audit reporting.
- Strong troubleshooting and performance optimization skills.
- Excellent communication and collaboration abilities.
- Relevant certifications (e.g., Splunk Certified Admin, Splunk Certified Architect) are a plus.