Description
We are currently seeking the services of a Splunk Consultant to be based in central London. The role is a 3-month rolling contract and the client is looking for someone to start as soon as possible.
Please find the job description below:
The successful candidate must have security operations experience and be familiar with web application logs from Apache/Tomcat. They must have knowledge of the network and endpoint security defence stack (firewall, AV, sandboxing, email filtering, IDS, etc.). They must be able to describe a variety of security attacks and how to detect them, and have extensive knowledge of advanced cyber-attacks.
Essential skills:
- Windows/Linux logs
- How syslog works and is configured
- Regex
- Log Parsing/string manipulation
Must be able to use Splunk for:
- Correlation of events
- Manipulating and filtering
- Statistics
- Visualizations
- Data enrichment
- Lookups
- Alerting
- Field extractions
- Data Models
- Reporting
Knowledge of the following would be ideal:
- Perl/Python
- STIX and TAXII
- SoltraEdge
- MISP/CRITs
- Docker