Splunk Consultant

North Holland - Onsite

Description

The Sr. Splunk Consultant will lead Security Risk Consulting (SRC) program engagements focused on the design, development and implementation of Splunk-based Security Information and Event Management (SIEM) solutions for large enterprise organizations.

This individual will provide clients with architecture and design plans to support the implementation and operation of the Splunk platform using security information and event management (SIEM) best practices and Splunk Enterprise Security, as well as other Splunk Apps and Add-ons.

This person will design Splunk solutions to accommodate client and service-related growth plans while maintaining a balance between performance, flexibility and stability. The role includes responsibility for managing customer expectations, assisting clients with onboarding data into Splunk, supporting projects for multiple clients, including multi-site/distributed or clustered Splunk installations, and assisting with the development of plans and advanced reports to meet the requirements of key stakeholders.

You will also be responsible for conducting research in areas driven by customer use cases and for architecting and supporting various other vendor products/solutions that may be used to configure and deploy enterprise SIEM solutions for our clients. This individual will also be responsible for assisting with the creation of procedures, implementation of processes and development of plans for managing and maintaining SIEM solution deployments in client environments (both in the cloud and on-premises). The Senior SIEM Architect/Consultant will work closely with Management, Consultants, Solution Architects, Security Engineers, and Clients to deliver critical security services to our clients and will serve as a subject matter expert and engagement lead for Managed SIEM Services.

Role Responsibilities

  • Engineer, configure, & deploy Splunk products and log management solutions as well as related Splunk Apps and Add-ons for client Managed SIEM engagements.
  • Work with assigned Program Manager(s) to lead the technical aspects of Managed SIEM Services engagements and help prioritize clients' work requests, project tasks, and service-related tasks.
  • Work closely with Management, Service Delivery and other Security Analysts and Engineers in defining processes and procedures for Managed SIEM services projects.
  • Guide the design, development, and review of complex SIEM security content (i.e., rules, reports, dashboards).
  • Analyze and identify areas of improvement with existing SIEM processes, procedures and documentation.
  • Assist in the development of internal training methods to support Managed SIEM service development.
  • Act as a subject matter expert for other Engineers and provide guidance and mentoring on SIEM solutions.
  • Assist with client transition and onboarding, and serve as a primary point of contact for Managed SIEM Services clients.
  • Explain and demonstrate how to use SIEM solutions to both technical and relatively non-technical personnel.
  • Provide remote consulting services via interactive client sessions to assist with implementation of multiple SIEM product vendors and technologies.
  • Implement and configure SIEM software and appliance-based products in large enterprise environments.
  • Recommend, test, tune and implement SIEM and other tooling correlation rules.
  • Identify false positives from alerting, and perform incident response, triage, incident analysis and remediation tasks.
  • Provide hands-on technical support for the migration of SIEM rules.
  • Create, modify, and update correlation rules, reports and dashboards for SIEM solutions (primarily Splunk).
  • Interact with clients that leverage SIEM and other tools to provide guidance on security alerting and monitoring best practices.
  • Work with our internal Managed SIEM Services team and client POCs to develop SIEM incident response plans, triage guidance, and incident analysis and remediation guidance, as necessary.

Requirements

  • Minimum of 5 years of cyber security experience
  • Minimum of 2 years of experience as a Splunk Administrator, or in designing/developing SIEM architecture solutions using Splunk as a SIEM in enterprise environment(s)
  • Splunk Administrator or Architect Certification

Preferences

  • Prior experience with Splunk ES is highly preferred
  • Prior experience as a Splunk administrator
  • Splunk Search Processing Language (SPL) experience
  • Prior experience developing use case content in Splunk (i.e., development of correlation searches/rules, reports, dashboards and/or apps and add-ons for Splunk)

ITHR Group is acting as an Employment Business in relation to this vacancy.

ITHR Group is an Equal Opportunities employer; we welcome applicants from all backgrounds.

Start date
ASAP
Duration
8 month rolling
From
IT Human Resources
Published at
13.03.2018
Project ID:
1519481
Contract type
Freelance