Senior - CTM - Threat Detection & Response
We are seeking a highly skilled and experienced Senior Splunk Implementation Specialist to lead and oversee the deployment, administration, and use case development of Splunk Enterprise Security (ES). The ideal candidate will have a deep understanding of Splunk's capabilities and a strong background in cybersecurity. This role requires extensive experience in implementing and managing Splunk ES, as well as in developing and maintaining security use cases that improve the client's security posture.
Key Capabilities
- Experience working with Splunk Enterprise, Splunk Enterprise Security, and Splunk UEBA.
- Lead the planning, design, and implementation of Splunk Enterprise Security (ES) across the organization.
- Develop and manage the Splunk implementation project plan, including timelines, milestones, and resource allocation.
- Coordinate with cross-functional teams, including IT, security, and compliance, to ensure seamless integration of Splunk with existing systems and processes.
- Oversee the configuration and customization of Splunk ES to meet the organization's specific security requirements.
- Develop, implement, and maintain security use cases, correlation searches, and dashboards within Splunk ES.
- Provide expert guidance and support to the security operations team in the use of Splunk ES for threat hunting and incident investigation.
- Ensure compliance with industry standards and regulatory requirements related to security monitoring and incident response.
- Develop and maintain documentation for Splunk configurations, processes, and procedures.
- Good knowledge of programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
- Experience onboarding data into Splunk from various sources, including sources with no supported add-on (in-house built applications), by writing custom parsers and field extractions.
- Expertise in SIEM content development, including building processes for automated security event monitoring and alerting along with the corresponding event response plans for the systems being monitored.
- Experience creating use cases mapped to the Cyber Kill Chain and the MITRE ATT&CK framework.
- Experience in the installation, configuration, and use of premium Splunk apps and add-ons such as Enterprise Security, UEBA, ITSI, etc.
- Sound knowledge of configuring alerts and reports.
- Good exposure to automatic lookups, data models, and writing complex SPL queries.
- Create, modify, and tune SIEM rules to adjust alert and incident specifications to meet client requirements.
- Work with the client SPOC on correlation rule tuning (as per the use case management life cycle) and on incident classification and prioritization recommendations.
- Experience creating custom commands, custom alert actions, adaptive response actions, etc.
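The custom-parser and correlation-rule work described in the list above, as an added illustration that is not part of this posting or of any Splunk product: a small Python stand-in for a Splunk ES use case. It parses a constructed in-house log format (the job that props.conf/transforms.conf field extractions do in Splunk), then runs a brute-force detection tagged with its MITRE ATT&CK technique (T1110) over the parsed events, with the threshold, time window and allowlist exposed as the parameters an analyst adjusts during rule tuning. The log format, IP addresses, user names, field names, rule parameters, and the index, sourcetype and lookup names in the SPL comment are all assumptions made for the example.

```python
"""Added example (not from the posting): a plain-Python stand-in for a Splunk
ES use case. It pairs a custom parser for an in-house log format (what
props.conf/transforms.conf extractions do in Splunk) with a correlation rule
that has tunable parameters and an ATT&CK tag. All log lines, IPs, users,
field names and thresholds below are constructed for illustration."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Rough SPL equivalent (assumed index/sourcetype/lookup names; `bin` uses fixed
# buckets where the Python below uses a sliding window):
#   index=portal sourcetype=portal:auth event=login result=fail
#       NOT [| inputlookup allowlisted_scanners | fields src]
#   | bin _time span=10m
#   | stats count dc(user) AS distinct_users values(user) AS users BY src _time
#   | where count >= 4

# Constructed in-house format: <ISO-8601 UTC timestamp> key=value key=value ...
SAMPLE_LOGS = """\
2024-05-01T10:00:01Z app=portal event=login user=alice src=10.0.0.5 result=ok
2024-05-01T10:00:05Z app=portal event=login user=bob src=203.0.113.9 result=fail
2024-05-01T10:01:10Z app=portal event=login user=bob src=203.0.113.9 result=fail
2024-05-01T10:02:15Z app=portal event=login user=carol src=203.0.113.9 result=fail
2024-05-01T10:03:20Z app=portal event=login user=carol src=203.0.113.9 result=fail
2024-05-01T10:04:25Z app=portal event=login user=bob src=203.0.113.9 result=fail
2024-05-01T10:10:00Z app=portal event=login user=erin src=198.51.100.7 result=fail
2024-05-01T10:25:00Z app=portal event=login user=erin src=198.51.100.7 result=fail
2024-05-01T10:40:00Z app=portal event=login user=erin src=198.51.100.7 result=fail
garbage line that the parser must skip rather than abort the whole search on
2024-05-01T11:00:00Z app=portal event=login user=svc_scan src=10.0.0.50 result=fail
2024-05-01T11:00:10Z app=portal event=login user=svc_scan src=10.0.0.50 result=fail
2024-05-01T11:00:20Z app=portal event=login user=svc_scan src=10.0.0.50 result=fail
2024-05-01T11:00:30Z app=portal event=login user=svc_scan src=10.0.0.50 result=fail
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Field extraction for one line; returns None (never raises) on a bad line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    event = {"_time": ts}
    for key, value in KV_RE.findall(m.group("kv")):
        event[key] = value.strip('"')
    return event


def parse_logs(text):
    """Parse every line, dropping the ones the extraction cannot handle."""
    return [ev for ev in map(parse_line, text.splitlines()) if ev is not None]


# Rule parameters: the knobs adjusted during correlation-rule tuning.
RULE = {
    "name": "Excessive failed logins from a single source",
    "mitre_attack": "T1110",          # Brute Force
    "threshold": 4,                   # this many failures ...
    "window": timedelta(minutes=10),  # ... within this sliding window
    "allowlist_src": {"10.0.0.50"},   # e.g. an approved scanner, suppressed after tuning
}


def run_rule(events, rule=RULE):
    """Emulate a scheduled correlation search: group failures per source, slide
    a window over each group, and raise one notable per source that crosses the
    threshold (one per source per run, as ES throttling would collapse repeats)."""
    failures = defaultdict(list)
    for ev in events:
        if ev.get("event") == "login" and ev.get("result") == "fail" and "src" in ev:
            failures[ev["src"]].append(ev)
    notables = []
    for src, evs in failures.items():
        if src in rule["allowlist_src"]:
            continue
        evs.sort(key=lambda e: e["_time"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["_time"] - evs[start]["_time"] > rule["window"]:
                start += 1
            if end - start + 1 >= rule["threshold"]:
                hit = evs[start:end + 1]
                notables.append({
                    "rule": rule["name"], "mitre_attack": rule["mitre_attack"],
                    "src": src, "count": len(hit),
                    "users": sorted({e.get("user", "") for e in hit}),
                    "first_seen": hit[0]["_time"].isoformat(),
                    "last_seen": hit[-1]["_time"].isoformat(),
                })
                break
    return notables


if __name__ == "__main__":
    events = parse_logs(SAMPLE_LOGS)
    print(run_rule(events))
    # Loosening threshold/window is the kind of change agreed with the client
    # SPOC; here it also makes the slow source 198.51.100.7 fire.
    print(len(run_rule(events, dict(RULE, threshold=3, window=timedelta(hours=1)))))
```

With the default parameters only 203.0.113.9 raises a notable: the allowlisted scanner is suppressed and the three spread-out failures from 198.51.100.7 never fit in one 10-minute window. Loosening the rule to 3 failures in an hour makes that slow source fire as well, which is exactly the trade-off (coverage against alert volume) that the tuning cycle with the client SPOC has to settle.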
Qualifications & Experience
- Minimum of 5 to 7 years' experience, with a depth of network architecture knowledge that translates to deploying and integrating a complex security intelligence solution into global enterprise environments.
- Proven experience in implementing and managing Splunk Enterprise Security (ES) applications.
- Strong understanding of cybersecurity principles, threat detection, and incident response.
- Extensive experience in developing and maintaining security use cases, correlation searches, and dashboards within Splunk ES.
- Excellent project management skills, with a track record of successfully leading complex security projects.
- Strong leadership and team management skills, with the ability to mentor and develop team members.
- Excellent communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels.
- Relevant certifications such as CISSP, CISM, Splunk Certified Admin, Splunk Certified Architect, or similar are highly desirable; certifications in a core security-related discipline are an added advantage.
Desired Skills
- Familiarity with scripting and automation tools (e.g., Python, PowerShell) for security operations and incident response.
- Knowledge of regulatory and compliance frameworks (e.g., GDPR, HIPAA, NIST).
- Experience in conducting security assessments and audits.
- Ability to develop and implement security policies, procedures, and best practices.
- Strong analytical and problem-solving skills.