Splunk Administrator

Role Overview: As a Splunk Administrator with expertise in Microsoft Defender (MDE), KQL/SQL, and security analytics, your role will involve designing, implementing, and supporting Splunk systems, onboarding data, configuring Splunk, building dashboards, and extracting insights. You will also be responsible for utilizing Microsoft Defender for threat analysis, utilizing Kusto Query Language (KQL) and SQL, and collaborating with the security team to enhance security controls and incident response. Key Responsibilities: - Hold a Splunk Certification (Certified Admin or Certified Architect) and have 5-9 years of experience as a Splunk Admin. - Demonstrate expertise in managing Splunk components such as Indexers, Forwarders, and Search-Heads. - Utilize Microsoft Defender for Endpoint (MDE/S1) for security monitoring and threat analysis. - Proficiency in KQL and SQL for effective threat analysis and security monitoring. - Possess strong knowledge of security controls, risk management, and incident response. - Manage Linux and Windows agents in a Splunk environment and adhere to best practices in system administration. - Act as a mentor for security analysts, participate in knowledge sharing, and train team members on best practices. Qualifications Required: - Hold a Splunk Certification (Certified Admin or Certified Architect) with 5-9 years of Splunk Administration experience. - Proficiency in Microsoft Defender for Endpoint (MDE/S1), KQL, and SQL. - Strong understanding of security frameworks, vulnerability management, and incident response. - Ability to mentor teams and serve as a single point of contact (SPOC) for Splunk-related security operations. Role Overview: As a Splunk Administrator with expertise in Microsoft Defender (MDE), KQL/SQL, and security analytics, your role will involve designing, implementing, and supporting Splunk systems, onboarding data, configuring Splunk, building dashboards, and extracting insights. You will also be responsible for utilizing Microsoft Defender for threat analysis, utilizing Kusto Query Language (KQL) and SQL, and collaborating with the security team to enhance security controls and incident response. Key Responsibilities: - Hold a Splunk Certification (Certified Admin or Certified Architect) and have 5-9 years of experience as a Splunk Admin. - Demonstrate expertise in managing Splunk components such as Indexers, Forwarders, and Search-Heads. - Utilize Microsoft Defender for Endpoint (MDE/S1) for security monitoring and threat analysis. - Proficiency in KQL and SQL for effective threat analysis and security monitoring. - Possess strong knowledge of security controls, risk management, and incident response. - Manage Linux and Windows agents in a Splunk environment and adhere to best practices in system administration. - Act as a mentor for security analysts, participate in knowledge sharing, and train team members on best practices. Qualifications Required: - Hold a Splunk Certification (Certified Admin or Certified Architect) with 5-9 years of Splunk Administration experience. - Proficiency in Microsoft Defender for Endpoint (MDE/S1), KQL, and SQL. - Strong understanding of security frameworks, vulnerability management, and incident response. - Ability to mentor teams and serve as a single point of contact (SPOC) for Splunk-related security operations.