Senior SIEM Administrator

2 years

0 Lacs

Thane, Maharashtra, India

Posted: 2 weeks ago | Platform: LinkedIn


Skills Required

siem splunk engineering management tuning automation azure logic configuration monitoring maintenance dashboard sentinel deployment analytics linux python powershell data development content support

Work Mode

On-site

Job Type

Full Time

Job Description

Should have strong knowledge of Splunk SIEM engineering and administrative activities.
Should have performed a SIEM engineering role for 2+ years.
Problem-solving and people-management skills are required.
Should have expertise in building custom analytical rules, tuning analytical rules, building automation through Azure Logic Apps, managing the entire product feature set, and end-to-end configuration.
Should have expertise in writing KQL queries and functions for complex detection and monitoring requirements.
Should have strong knowledge of the MITRE ATT&CK framework and expertise in developing analytical rules and custom dashboards/workbooks mapped across the framework.
Should have expertise in log management, retention, maintaining logs at low cost, performing access management, and developing new custom dashboards based on different requirements.
Should have a proven record of implementing Sentinel advanced features, efficient log collection mechanisms, deployment and maintenance of log forwarders, and maintenance of local agents.
Leverage Threat Intelligence feeds in Splunk analytics and SOAR.
Good to have proficiency in Linux, Python, and PowerShell.
Should have expertise in integrating data sources not natively supported by Splunk (custom parser development) and the ability to solve technical issues in Splunk; these are must-have requirements.
Should have expertise in consuming content from the Content Hub, managing the Log Analytics workspace, and handling issues in MMA and AMA agents.
Good to have strong knowledge of Microsoft Defender products, Microsoft Cloud services, and Azure Arc.
Should have the ability to work with vendor technical support groups and drive issues towards effective and permanent closure.

Must Have:
Experience with Splunk (implementation and upgrade)
Knowledge of the MITRE ATT&CK framework
Understanding of parsers
