Description
We are looking for a Splunk Enterprise Security Consultant in Prague. Remote work is also allowed, with occasional travel to Prague.
Below is the JD:
We are looking for 5+ years of experience with ES.
Requires hands-on experience with Splunk ES, including business rule implementation.
Job Description:
- Making use of accelerated data models for Splunk Enterprise Security rules
- Configure correlation searches to run against data model summaries only
- Manage Splunk roles in Enterprise Security to ensure that the proper capabilities are assigned to the proper users, and no more than those
- Create macros that provide the abstract categorizations the client requires to obtain in-context results
- Equip the SOC team with the Investigations, Swimlanes and Glass Tables tools
- Use existing rules, update the rule set with newly released ones, and align with the client on custom scenarios in Correlation Searches
- Align the priority and severity of Assets and Identities with the client; monitor, analyse and configure Risk