As a Cybersecurity Defense professional at Kyndryl, you will encompass cybersecurity, incident response, security operations, vulnerability management, and the world of cyber threat hunting and security intelligence analysis all to protect the very heartbeat of organizations their infrastructure. In this role, you won't just monitor; you'll actively engage in the relentless hunt for cyber adversaries. In a world where every click and keystroke could be a potential gateway for attackers, your role will be nothing short of critical as you seek out advanced threats, attackers, and Indicators of Compromise (IOCs). Your expertise in endpoint detection and response (EDR) will be the shield that safeguards individual workstations, laptops, servers, and other devices from cybercrime. Your responsibilities go beyond vigilance. When it comes to network security, you'll utilize Network Detection and Response (NDR) to monitor the ever-flowing currents of network traffic. The incident management process will be used as you respond and manage to cybersecurity incidents. Cybersecurity Defense is all about information. You'll gather, analyze, and interpret data applying your own and external threat intelligence to uncover potential security threats and risks. These insights and your ability to analyze complex attack scenarios will be the foundation of our security strategy helping Kyndryl stay one step ahead of security breaches. In Cybersecurity Defense at Kyndryl, youre not just protecting the present youre shaping the future of digital security. Join us on this cybersecurity venture where your expertise and creativity will have a lasting impact in the world of digital defense. Who You Are Youre good at what you do and possess the required experience to prove it. However, equally as important you have a growth mindset; keen to drive your own personal and professional development. You are customer-focused someone who prioritizes customer success in their work. And finally, youre open and borderless naturally inclusive in how you work with others. Required Technical and Professional Expertise: Minimum of 10-12 years' experience as a Splunk Security Engineer Expertise in designing and implementing Splunk Enterprise Security (ES) solutions Experience in configuring and optimizing Splunk search queries, dashboards, and reports In-depth knowledge of security technologies, including SIEM, IDS/IPS, DLP, and endpoint security Strong understanding of network protocols, TCP/IP, and security-related protocols Excellent analytical and problem-solving skills Ability to work independently and in a team environment Strong communication and interpersonal skills Preferred Technical and Professional Expertise Using Splunk, design and implement solutions to address and meet logging requirements in the client environment with remote logging capabilities. Configuring Splunk: Set up Splunk forwarding, configure the deployment server, and manage the Splunk indexer cluster Monitoring and troubleshooting: Monitor the Splunk infrastructure, troubleshoot performance issues, and identify bad searches and dashboards Managing security: Provide role-based security, restrict access to sensitive data, and manage Splunk license master Managing users: Manage users and their roles, and onboard new users Managing data: Manage indexes, create Splunk indexes, and design retention and retirement policies Deploying Splunk: Deploy Splunk dashboards and reports, and execute new projects Strong critical thinking and analytical skills and ability to think out of the box required. Must be able to work independently or with a team, under minimum supervision. Preferred Technical and Professional Experience Thorough knowledge on defining data sources monitoring based on clients business Thorough knowledge on MITRE Frameworks (ATT&CK, D3FEND)
