Description
Job Title: Splunk Architect (Splunk Enterprise Security (ES))
Location: London
Type: Contract
Skills required
- Very strong skills with Splunk Enterprise Security (ES), with the ability to architect, design and deploy it in enterprise environments
- Strong skills in all relevant Splunk ES functions used for security operations
- Strong skills in conceptualizing, designing and building dashboards in Splunk ES
- Very strong hands-on skills with the automation and response features (Phantom) and their configuration
- Strong knowledge of the Splunk ES incident workbench used for security incident analysis
- Provide technical leadership on Splunk ES (SIEM) to support security operations teams as needed
- Strong experience migrating other SIEM platforms to Splunk ES for security monitoring
- Coordinate SIEM platform efforts across multiple business units as part of design and implementation
- Very good experience/knowledge of Splunk UBA and of Phantom for orchestration
- Skill in integrating Splunk ES with various threat intelligence sources
- Knowledge of other SIEM platforms and their architecture
- Conduct proof-of-concept reviews of new security products and their Splunk integration
- Prepare reports, summaries and other forms of communication, both internal and client-facing
- Maintain familiarity with industry trends and security best practices, such as the MITRE ATT&CK framework, that can be leveraged to customize the Splunk ES platform for investigation and response
- Work on and provide guidance on scripting in Python, Perl, Bash and/or other shell scripting
- Certified in Splunk Admin and Splunk ES
Experience
- 12+ years of IT industry experience working with large organizations in infrastructure/IT security
Soft skills
- Strong verbal and written communication skills
- Experience working with security stakeholders and other senior security leaders
- Interface with client stakeholders on technical requirements to build out and improve the Splunk ES platform
- Effectively communicate and present security concepts to both technical and non-technical audiences
- CISSP/CISM certification preferred
- Open to business travel at short notice