SIEM /SPLUNK Expert - India
CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter – and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.
CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.
CyberProof is seeking SIEM/Splunk to be part of our SOC group – focusing on SIEM technologies. The role requires a details-oriented professional who will provide SIEM support to our pre-sales teams and support the delivery of SIEM solutions to our customers. The SIEM Expert will be called upon to understand customer requirements and recommend the appropriate SIEM solution to meet those requirements. The SIEM Expert will support the SIEM solution with Architecture and Design documentation. This role is an excellent opportunity for an individual with strong technical, communication, and customer-facing skills.
- Understand Splunk Enterprise & Splunk Enterprise Security in depth
- Understand customer requirements and recommend best practices for SIEM solutions
- Offer consultative advice in security principles and best practices related to SIEM operations
- Develop new SIEM rules, correlations, and dashboards to meet customers’ needs
- Design and document a SIEM solution to meet the customer needs
- Assist in the creation and verification of Statement of Work (SOW) documentation
- Assist with architecture, RFPs and customer technical meetings
- Deploy and configure the SIEM platform as per Vendor guidelines and industry best practices
- Assist client with technical guidance to configure end log sources (in-scope) to be logged to the SIEM
- Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
- Document the build of the SIEM solution
- Experience with Splunk ES, creating rules, data models, reports, and dashboards
- Excellent familiarity with Splunk enterprise cluster implementation, components, and infrastructure
- University degree in Information Security or equivalent work experience
- Minimum 4 years of experience in a similar role
- Preferred SIEM Vendor Certification of Administrator
- Experience and proficiency in UNIX/Linux and/or Regular Expressions.
- The following certifications would be considered to be an advantage: CISSP, CISM, CompTIA Security+, CEH, GSEC