
Technical Specialist-Cloud & Infra Engg

5 years

0 Lacs

Posted: 1 day ago | Platform: LinkedIn


Work Mode

On-site

Job Type

Full Time

Job Description

Area(s) of responsibility

Key Responsibilities

Daily Security Review: Monitor the Virtus Splunk environment (8x5) to detect anomalies, filter false positives, investigate threats, and escalate valid security incidents as per the Escalation Plan.

Security Rule Tuning: Adjust security rules based on analysis and client feedback to enhance threat detection and reduce false positives.

Notable Event Investigation: Perform initial analysis of notable security events and escalate cases requiring client attention.

Security Use Case Development: Identify security incidents, refine detection processes, and update notification procedures per the agreed rules of engagement.

Splunk Administration: Maintain the health of Splunk infrastructure, including search heads, indexers, deployment servers, and other critical components.

Splunk Upgrades: Provide upgrade roadmaps, determine upgrade sequences, and assist with implementation to ensure an up-to-date Splunk environment.

Splunk Dashboards & Searches: Develop customized dashboards, reports, and saved searches tailored to client requirements, integrating necessary data sources.

Data Source Onboarding: Add new data sources to Splunk Enterprise Security, including installing technology add-ons, field extraction, and Common Information Model (CIM) normalization.

Service Desk Integration: Manage ticket escalations through the Virtus Service Desk and leverage KACE for efficient incident response and tracking.

Required Qualifications

Experience: 5+ years in Splunk administration, including security monitoring and incident response.

Technical Skills

Strong expertise in Splunk Enterprise Security and its components.

Proficiency in security use case development and event correlation.

Experience with Splunk Search Processing Language (SPL), dashboards, and reporting.

Hands-on experience with data source onboarding and CIM normalization.

Familiarity with ticketing systems like KACE or similar ITSM platforms.

Certifications: Splunk Certified Admin, Splunk Enterprise Security Certified Admin (preferred).

Birlasoft