Title: Technical Specialist-Cloud & Infra Engg

Description:

Area(s) of responsibility

Key Responsibilities:

Daily Security Review: Monitor the Virtus Splunk environment (8x5) to detect anomalies, filter false positives, investigate threats, and escalate valid security incidents as per the Escalation Plan.
Security Rule Tuning: Adjust security rules based on analysis and client feedback to enhance threat detection and reduce false positives.
Not able Event Investigation: Perform initial analysis of notable security events and escalate cases requiring client attention.
Security Use Case Development: Identify security incidents, refine detection processes, and update notification procedures per the agreed rules of engagement.
Splunk Administration: Maintain the health of Splunk infrastructure, including search heads, indexers, deployment servers, and other critical components.
Splunk Upgrades: Provide upgrade roadmaps, determine upgrade sequences, and assist with implementation to ensure an up-to-date Splunk environment.
Splunk Dashboards & Searches: Develop customized dashboards, reports, and saved searches tailored to client requirements, integrating necessary data sources.
Data Source Onboarding: Add new data sources to Splunk Enterprise Security, including installing technology add-ons, field extraction, and Common Information Model (CIM) normalization.
Service Desk Integration: Manage ticket escalations through the Virtus Service Desk and leverage KACE for efficient incident response and tracking.

Required Qualifications:

Experience: 5+ years in Splunk administration, including security monitoring and incident response.

Technical Skills:

Strong expertise in Splunk Enterprise Security and its components.
Proficiency in security use case development and event correlation.
Experience with Splunk search processing language (SPL), dashboards, and reporting.
Hands-on experience with data source onboarding and CIM normalization.
Familiarity with ticketing systems like KACE or similar ITSM platforms.
Certifications: Splunk Certified Admin, Splunk Enterprise Security Certified Admin (preferred).

Apply now »

Provider	Description	Enabled
LinkedIn	LinkedIn is an employment-oriented social networking service. We use the Apply with LinkedIn feature to allow you to apply for jobs using your LinkedIn profile. Opting out of LinkedIn cookies will disable your ability to use Apply with LinkedIn. Cookie Policy Cookie Table Privacy Policy Terms and Conditions
Google Analytics	Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Cookie Information Privacy Policy Terms and Conditions