SENIOR SPLUNK EXPERT
We are DIGITALL (www.digitall.com). Due to our rapid growth and business expansion, we are seeking a
SENIOR SPLUNK EXPERT
As part of the new tender, the existing resources for Cyber Defence Centre services should be expanded. For the SIEM landscape, a Splunk Expert is required.
The Splunk expert has the full task of further developing and expanding the Enterprise Splunk environment in order to increase the security level for the company.
The task environment comprises 3 pillars: use case development, integration of further systems and the connection of log sources, and architecture topics.
Use Case Development
A central topic is use case development, in which the Splunk expert contributes his own ideas and then independently proceeds to the implementation. The use cases are intended to monitor the heterogeneous system landscape and to surface corresponding anomalies when they occur. These use cases should then be designed as an application in such a way that the analysts in the CERT can work effectively with them.
Integration Items
Another aspect is the integration of other systems and the connection of log sources to the SIEM infrastructure.
Further security systems, such as security components, have to be connected to Splunk in order to be able to evaluate their events in Splunk. These events, in turn, can also serve as a data basis for the use cases.
In addition, other log sources are to be connected to the SIEM, for example WAF, Active Directory, DHCP, etc. From an operational point of view, monitoring is necessary for availability and data quality. The CIM conformity of the connected log sources must be ensured.
Based on his expertise, the Splunk expert independently analyzes and evaluates which other systems and log sources are to be integrated or connected in order to increase the security level for the company.
Architecture topics
The Splunk expert analyzes the architecture of the SIEM infrastructure. If it is necessary to increase the performance/security level of the company, extensions or changes can be made. For example, connecting new log sources can raise the performance requirements for the SIEM infrastructure. This field of activity as a Splunk expert requires extensive experience in Splunk Enterprise in heterogeneous infrastructures.
Requirements:
- At least 5 years as a Splunk Expert;
- Several years of information security experience;
- The experience should be based in the Splunk environment of large companies/corporations;
- In-depth Linux knowledge;
- Certification as Splunk Enterprise Architect and Splunk Enterprise Security Certified Admin;
- High degree of independence;
- Knowledge in the ITIL v3 area would be an advantage.