Job Description

Date Opened: Aug 26, 2022 Location: IN Company: Allstate Insurance Company

The Associate Principal Consultant in Splunk cloud platform will be a key member of the Splunk platform administration team focusing on the cloud Splunk platform providing technical expertise to Allstate’s Global Security Fusion Center (GSFC). The candidate is responsible for engineering and maintaining log collection, aggregation and ingestion from cloud instances to the SIEM platform that offers its services to the entire Allstate organization and its affiliates.

Job Responsibilities

• Provide technical input for all design, implementation, and maintenance activities related to the SIEM apps and content.
• Hands on experience on deployment and maintenance of Splunk in AWS and/or Azure cloud
• Experience is deployment of service using IAC (Infrastructure as Code).
• Good working experience in Python and Ansible play book, knowing Terraform is an added advantage
• Good understanding of Splunk environment and experience in troubleshooting issues on ingestion, unavailability of Data
• Good understanding of implementing and working with Smartstore in AWS and the lifecycle policy
• Create, optimize, and continuously evaluate security monitoring content on the SIEM platforms.
• Design and create new detection techniques and improve existing ones.
• Identify gaps in existing security capabilities and enhance them by closely working the stake holders.
• Recommend and assist in technology evaluations and implementations.
• Contribute to large security projects and initiatives working with all areas of Information Services, business units, and other partners.

Primary Skills

• Proficient in Splunk Query Language (SPL)
• Content Development in any major SIEM platform
• Information Security background with experience in use case development in the SIEM platform
• Working knowledge in Splunk Enterprise Security App

Experience

• Strong Python Scripting experience is a must
• Good to have Ansible coding experience
• Having experience in Terraform is an advantage
• Working knowledge in Splunk Enterprise Security App

Shift Timing

Shift B: 1:30pm to 10:00pm