5.0 - 8.0 years
3.0 - 7.0 Lacs P.A.
Chennai
Posted: 3 days ago
Work from Office
Full Time
Job Information
Job Opening ID: ZR_1924_JOB
Date Opened: 06/05/2023
Industry: Technology
Work Experience: 5-8 years
Job Title: Splunk Content Development
City: Chennai
Province: Tamil Nadu
Country: India
Postal Code: 600001
Number of Positions: 5

We are looking for a content development engineer or L2-level SOC SIEM engineer with hands-on experience in developing new rules and use cases based on various log sources, including cloud security log sources, and in integrating those log sources with a SIEM platform.

Roles and Responsibilities:
- Creating and implementing new threat detection content, rules and use cases for deployment in the SIEM platform, using data sets such as Proxy, VPN, Firewall, DLP, etc.
- Assisting with process development and process improvement for Security Operations, including the creation and modification of SOPs, playbooks and work instructions.
- Developing custom content based on threat intelligence and threat hunting results.
- Identifying gaps in the existing security controls and developing or proposing new security controls.
- SIEM engineering, including integrating various log sources with any SIEM platform.
- Custom parsing of logs being ingested into the SIEM platform.

Job:
- 3+ years of experience in content development, and experience delivering and/or building content on any SIEM tool such as Splunk, ArcSight, QRadar, Nitro ESM, etc.
- Deep understanding of the MITRE ATT&CK framework.
- Experience in SOC incident analysis with exposure to information security technologies such as firewalls, VPNs, intrusion detection tools, malware tools, authentication tools, endpoint technologies, EDR and cloud security tools.
- Good understanding of networking concepts.
- Experience interpreting, searching and manipulating data within enterprise logging solutions (e.g. SIEM, IT Service Management (ITSM) tools, workflow and automation).
- In-depth knowledge of security data logs and the ability to create new content for advanced security threats on a need basis, as driven by threat intelligence.
- Ability to identify gaps in the existing security controls.
- Good experience writing queries, rules and use cases for security analytics (ELK, Splunk or any other SIEM platform) and deploying that content.
- Experience with EDR tools such as CrowdStrike and a good understanding of TTPs such as process injection.
- Excellent communication, listening and facilitation skills.
- Ability to demonstrate an investigative mindset.
- Excellent problem-solving skills.

Preferred:
- Understanding of the MITRE ATT&CK framework.
- Demonstrable experience in use case and rule creation on any SIEM platform.
- Chronicle Backstory, YARA or CrowdStrike rules are a plus.

Location: Pan India