Technical Specialist-Cloud & Infra Engg

Birlasoft

2 - 5 years

Chennai

Posted: 22/06/2025

Job Description

Area(s) of responsibility

Key Responsibilities:

  • Daily Security Review: Monitor the Virtus Splunk environment (8x5) to detect anomalies, filter false positives, investigate threats, and escalate valid security incidents as per the Escalation Plan.
  • Security Rule Tuning: Adjust security rules based on analysis and client feedback to enhance threat detection and reduce false positives.
  • Notable Event Investigation: Perform initial analysis of notable security events and escalate cases requiring client attention.
  • Security Use Case Development: Identify security incidents, refine detection processes, and update notification procedures per the agreed rules of engagement.
  • Splunk Administration: Maintain the health of Splunk infrastructure, including search heads, indexers, deployment servers, and other critical components.
  • Splunk Upgrades: Provide upgrade roadmaps, determine upgrade sequences, and assist with implementation to ensure an up-to-date Splunk environment.
  • Splunk Dashboards & Searches: Develop customized dashboards, reports, and saved searches tailored to client requirements, integrating necessary data sources.
  • Data Source Onboarding: Add new data sources to Splunk Enterprise Security, including installing technology add-ons, field extraction, and Common Information Model (CIM) normalization.
  • Service Desk Integration: Manage ticket escalations through the Virtus Service Desk and leverage KACE for efficient incident response and tracking.

Required Qualifications:

Experience: 5+ years in Splunk administration, including security monitoring and incident response.

Technical Skills:

  • Strong expertise in Splunk Enterprise Security and its components.
  • Proficiency in security use case development and event correlation.
  • Experience with Splunk search processing language (SPL), dashboards, and reporting.
  • Hands-on experience with data source onboarding and CIM normalization.
  • Familiarity with ticketing systems like KACE or similar ITSM platforms.
  • Certifications: Splunk Certified Admin, Splunk Enterprise Security Certified Admin (preferred).

About Company

Birlasoft is a global IT services and consulting company that is part of the CK Birla Group. It specializes in digital transformation, enterprise application services, and IT modernization for industries such as manufacturing, life sciences, BFSI, and energy. Birlasoft is known for its strong capabilities in SAP, Oracle, cloud, and analytics, helping clients drive innovation, reduce costs, and improve agility.
