Sr. Security Analyst - Splunk

Job Summary

Role: Senior Security Analyst Base Location: Hinjewadi, Pune. Job Description Responsible for operationalization of new security platforms to enable security operations Center to stay ahead of emerging and current threats. Troubleshoot Splunk SIEM components and related functionalities. Integration of Splunk SIEM with other security Tools. Perform regular Health check of the Splunk core components. Act as a Subject Matter Expert for Splunk solution. Stay updated with latest Features, enhancement, security updates for Splunk. Deep log analysis skills on Splunk SIEM. Security Information Event Management & Analytics Platforms integration ¿ Splunk Build use cases that drive security analytics and incident response. Custom integration of Log sources and SIEM content development. Act as a Subject Matter Expert for Splunk solution. Implement and optimize security detection rules, queries, and playbooks within Splunk. Configure and troubleshoot Splunk SIEM components and related functionalities. Plan and onboard different data sources such as: Windows, linux, AD, Firewall, other security tools integration. Knowledge of various security methodologies and technical security solutions, Firewall, IPS, Antivirus, Proxy, WAF, Load balancer, DDOS, EDR (Sentinel One) and DLP solutions. Candidates with prior experience of setting up security operations from scratch would have added advantage. Identify automation opportunities in the incident response workflow and implement them with the help of automated playbooks in Microsoft Sentinel SIEM. Understand business requirements from the client and translate them into technical deliverables within Cyber Security domain. Deep log analysis skills on Splunk SIEM. Manage the daily/weekly/monthly SOC metrics reporting for the assigned set of clients. Build custom use cases, dashboards, reports as per the requirement from client and internal stakeholders. Demonstrate SOC differentiators and new capabilities to the prospect clients as part of RFP/RFI defense discussions. Proven history of maturing SOC from Initial to Optimised level of CMM maturity model. Skills Required Must Have 10+ years of experience in IT and 8+ years in Cyber Security. Hands on experience on Splunk including creation of custom queries, detection rules and automated response playbooks. SIEM ¿ Splunk (Must Have), QRadar, LogRhythm Thorough understanding of various industry leading cloud native SIEM architecture, pricing and technical knowhow. Knowledge about various threat vectors and attackers TTPs. In depth knowledge of Active Directory. Excellent communication skills with ability to lead discussions with C level executives. Key Attribute Ability to work collaboratively in a fast paced environment. Continuous learner with a proactive approach to stay updated on industry trends. Strong problem solving skills and ability to make sound decisions under pressure. Customer facing with good written skills and strong communication skills at all levels. May be required to participate in out of hours on call rota. Ability to consistently deliver to deadlines while prioritizing competing demands for time. Qualifications Bachelor¿s degree in information technology or related field. Relevant certifications (CISSP, CEH, CISM, CISA) Working knowledge on any other SIEM tool viz Microsoft Sentinel, Splunk, QRadar etc. Splunk Enterprise Certified Admin,