Splunk SIEM and Automation Analyst
- Remote – UK
- Excellent package on offer
Summary:
Net Talent are partnering with an international technology company who are a world leader in customer engagement software. This position will play a crucial role in the research and development activities of the company. You will work in cross-functional teams to design, develop and implement innovative web-based applications.
Responsibilities:
- Co-manage SIEM core and SOAR module.
- Work with Splunk SIEM and SOAR technologies to increase and improve the scope of automation efforts.
- Leverage existing SIEM technologies to improve behavioral and risk-based analysis as well as machine learning/AI functionality for higher fidelity SOC alerts.
- Work with SIEM partners to enhance dashboards for analytics.
- Assist the SOC and DSVM (data security and vulnerability management) when required in their investigation and incident response efforts.
Requirements:
- Demonstrable knowledge of one or more of the following: Splunk, Python, XML, Linux, Windows, SQL. Certifications in these would be preferred.
- CISSP or equivalent certification preferred.
- Splunk Certification: Core, Enterprise and/or Cloud preferred.
- Understanding of various operating systems (Windows, Mac, Linux, etc.).
- Minimum of 5 years' IT experience.
- Minimum of 3 years' experience with Splunk Core, SIEM, and SOAR modules.
- Experience designing and implementing ground-up distributed Splunk SOAR installations.
- Experience with advanced configuration of Splunk SOAR.
- Experience maintaining and administering enterprise Splunk SOAR.
- Experience developing custom Splunk SOAR playbooks, workflows, and configurations.
- Experience integrating Splunk SOAR platform with other tools from both a data and automation perspective.
- Experience maintaining and administering Splunk SIEM.
- Experience configuring data models and correlations with Splunk SIEM.
- Background in metrics/reporting.