Senior Technical Lead

8 - 13 years

1 - 2 Lacs

Posted: 2 days ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

  • Understand customer requirements and recommend best practices for SIEM solutions.
  • Design and document a SIEM solution to meet the customer's needs.
  • Understanding of end-to-end implementation of Splunk Cloud / Splunk Enterprise / Splunk Enterprise Security
  • Installing updates and patches on the Splunk platform to ensure it is running smoothly
  • Configuring new data inputs to allow the collection of new data types or formats
  • Creating alerts and notifications to notify stakeholders of unusual activity such as security breaches or system failures
  • Performing basic troubleshooting when issues occur with the system to identify the cause
  • Creation of new correlation rules, dashboards, and reports on Splunk solution for effective log monitoring
  • Coordination with vendor support team for resolution of issues on Splunk
  • Mentoring incident handlers by conducting sessions/trainings for KT on Splunk monitoring and information security
  • Regular update of SOC-related documentation in case of any additions/changes to process/content
  • Preparing and publishing monthly reports to CISO/stakeholders
  • Second-level investigation of critical security incidents and sharing RCA with relevant stakeholders
  • Suggestions for enhancement of new processes/solution integrations in SOC for improving overall organization security
  • Creating and deploying detection use cases on Splunk and integrating log sources
  • Understanding the apps and assets, user management, ingesting data, events and containers, multi-tenancy, clustering, automation best practices, the visual playbook editor, etc. in Phantom.
  • Preparing playbooks, Case management, Case workflows in Phantom
  • Using external Splunk search in Phantom
  • Executing Phantom playbooks from Splunk
  • Searching Splunk from Phantom playbooks
  • Writing custom code in Phantom Playbooks
  • Using the Phantom REST API in Phantom Playbooks
  • Workbooks in Phantom
  • Custom code in Phantom Playbooks

Skills and Qualifications:

  • Minimum of 8+ years of experience, with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
  • Certification in any one SIEM solution, such as Splunk or IBM QRadar, will be an added advantage.
  • Strong oral, written and listening skills are an essential component to effective consulting.

Qualifications

  • 8+ years of experience working with SIEM solutions, preferably Splunk; experience with MS Sentinel, LogRhythm, or QRadar would be nice to have.
  • Proven experience in developing and implementing security correlation rules and alerts.
  • Strong understanding of security incident investigation and response methodologies (e.g., DFIR)
  • Experience with SOAR tools (preferably Phantom) and security automation concepts.
  • Excellent analytical and problem-solving skills.
  • Strong communication and collaboration skills.
  • Ability to work independently and as part of a team.
  • A passion for security and a desire to stay up to date on the latest threats and vulnerabilities.

Preferred Qualifications

  • Should have a bachelor's degree in computer science or any specialization.
  • Certifications in SIEM technologies, preferably Certified Splunk Administrator (CSA) or any other Splunk certification; any other SIEM certifications will be an add-on.
  • Experience with security orchestration, automation, and response (SOAR) tools.
  • Experience with security information and event management (SIEM) for cloud environments.
  • Experience working in a Security Operations Center (SOC) environment.
