Senior Technical Lead

Job Description

- Understand customer requirements and recommend best practices for SIEM solutions.
- Design and document a SIEM solution to meet the customer needs
- Understanding of end-to-end implementation of Splunk Cloud / Splunk Enterprise / Splunk Enterprise Security
- Installing updates and patches on the Splunk platform to ensure it is running smoothly
- Configuring new data inputs to allow the collection of new data types or formats
- Creating alerts and notifications to notify stakeholders of unusual activity such as security breaches or system failures
- Performing basic troubleshooting when issues occur with the system to identify the cause
- Creation of new correlation rules, dashboards, and reports on Splunk solution for effective log monitoring
- Coordination with vendor support team for resolution of issues on Splunk
- Mentoring incident handlers by conducting sessions/ trainings for KT on Splunk monitoring and information security
- Regular update of SOC related documentation in case of any addition/ changes to process/ content
- Preparing and publishing monthly reports to CISO/Stake holders
- Second level investigation of critical security incidents and sharing RCA with relevant stakeholders
- Suggestion for enhancement of new processes/ solution integrations in SOC for improving overall organization security
- Create and deploy detection use cases on Splunk and Integration of log sources
- Understanding the Apps and assets, User management, Ingesting data and Events and containers, Multi tenancy, Clustering, Automation best practices, the visual playbook editor etc. in Phantom.
- Preparing playbooks, Case management, Case workflows in Phantom
- Using external Splunk search in Phantom
- Executing Phantom playbooks from Splunk
- Searching Splunk from Phantom playbooks
- Writing custom code in Phantom Playbooks
- Using the Phantom REST API in Phantom Playbooks
- Workbooks in Phantom
- Custom code in Phantom Playbooks

Skills and Qualifications:

- Minimum of 8+ years experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
- Certification in any one of the SIEM Solution such as Splunk, IBM QRadar will be an added advantage
- Strong oral, written and listening skills are an essential component to effective consulting.

Qualifications

- 8+ years of experience working with SIEM solutions preferably Splunk and experience with MS Sentinel, LogRhythm, QRadar would be nice to have.
- Proven experience in developing and implementing security correlation rules and alerts.
- Strong understanding of security incident investigation and response methodologies (e.g., DFIR)
- Experience with SOAR tools (preferably Phantom) and security automation concepts.
- Excellent analytical and problem-solving skills.
- Strong communication and collaboration skills.
- Ability to work independently and as part of a team.
- A passion for security and a desire to stay up to date on the latest threats and vulnerabilities.

Preferred Qualifications

- Should have bachelor's degree in computer science or any specialization.
- Certifications in SIEM technologies preferably Certified Splunk Administrator (CSA) or any Splunk Certification and any other SIEM Certifications will be an add-on.
- Experience with security orchestration, automation, and response (SOAR) tools.
- Experience with security information and event management (SIEM) for cloud environments.
- Experience working in a Security Operations Center (SOC) environment.

---