Associate Consultant

Year    Chennai, Tamil Nadu, India

Job Description


Summary

Splunk ES Admin (L3): manage the SIEM solution and supporting unit for HCL and its global customers.

Overall 10+ years of work experience, with a minimum of 8 years of relevant Splunk Cloud/on-prem admin + Splunk ES admin experience.

Certifications (must)

  • Splunk Power User
  • Splunk Advanced Power User
  • Splunk Admin
  • Splunk ES Admin
  • Splunk Cloud Admin

Certifications (optional)

  • Splunk Architect
  • Splunk Consultant
  • Splunk SOAR

Responsibilities/Expected Experience

  • Extensive experience of data onboarding from different data sources such as network devices, IDS/IPS logs, threat intel, infrastructure logs (Windows, Linux), application logs, cloud-based applications, SaaS-based applications, database logs (SQL, Oracle, etc.), proxy/web server logs, LDAP/AD, DNS logs, etc.
  • Worked on log aggregation tools like syslog-ng, rsyslog, HAProxy, Nginx, etc.
  • Cloud ingestion using Splunk forwarders, API, scripted, HEC, and applications
  • Forwarder management
  • Manipulating raw data
  • Installing and managing applications
  • Experience with Splunk apps/add-ons and how these can be used to onboard data or for CIM compatibility
  • Experience/understanding of Splunk knowledge objects (advanced lookups, macros, field extractions, advanced alerts, reports/dashboards, tags, data models, event types, etc.)
  • Experience with advanced Splunk dashboard creation using JavaScript/CSS/HTML
  • Experience with Splunk app/add-on creation (using Python/JavaScript)
  • Experience troubleshooting all components and their functionality
  • Experience with summary indexes/data models/reports and their acceleration
  • Comfortable writing advanced regular expressions or modifying/tuning existing regex
  • Experience troubleshooting dashboards/alerts/reports
  • Experience with Splunk ES data mapping
  • Experience with Splunk ES use case creation (correlation searches/notable events)
  • Experience setting up/configuring the Splunk ES app and its respective add-ons/applications
  • Techniques and processes to tune/suppress/reduce false positive alerts in Splunk ES
  • Understanding of cyber security concepts and how to investigate cyber security events using Splunk ES dashboards
  • Experience troubleshooting Splunk ES predefined dashboards
  • Experience with the threat intel framework in Splunk ES
  • Experience with data masking, data parsing, data trimming, data filtration
  • Experience identifying data issues like timestamp issues, line break issues, search-time field extraction, index-time field extraction
  • Understanding of transforming, non-transforming, and reporting commands in Splunk
  • Able to tune reports/dashboards/alerts for best performance
  • Able to resolve issues like skipped searches, indexer cluster issues, SHC issues, adding/removing cluster members, line break and timestamp issues
  • Experience improving performance of Splunk components (like CM, DS, search head cluster, indexer cluster)
  • Should have implemented Splunk in distributed + cluster + multisite cluster environments
  • Able to create Splunk data retention/archiving policies
  • Experience with Splunk upgrades (including Splunk agents and other components), how to secure Splunk, and how to authenticate Splunk (LDAP/AD, two factor)
  • Worked on Splunk Cloud
  • Should have a fair understanding of all conf files in Splunk and their use/significance
  • Should have worked on ticketing tools like ServiceNow/Remedy/Jira
  • Should have worked in a Linux/Unix environment, with experience in shell scripting
  • Basic/advanced network troubleshooting concepts/commands in a Linux/Unix environment
  • Working experience with API creation

Qualification: B.E., B-Tech

No. of Positions: 1

Skill (Primary): Cloud Services-Platform Engineering-EMS Platform

Auto req ID: 1402320BR

Job Detail

  • Job Id
    JD3284901
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Chennai, Tamil Nadu, India
  • Education
    Not mentioned
  • Experience
    Year