Splunk UBA L2/L3

4 hours ago


Mumbai, India NMS Consultant Full time

From 3 to 8 year(s) of experience

₹ Not Disclosed by Recruiter
- Mumbai (All Areas)
- Architect (Plan, Deploy and scale) **Splunk UBA** Deployments
- Install, Configure, and migrate configurations to larger UBA clusters. (3-7, 7-10, 10-20)
- Setting Up the UBA Cluster in Warm Standby mode (PROD and DR)
- Onboard Data sources onto Splunk UBA from **Splunk SIEM**:

- Add custom data to Splunk UBA using the generic data source
- Add additional data sources to Splunk UBA
- Fine-tuning of data sources by making them CIM compliant
- Create Watchlists to monitor High Privileged Users
- Create Custom Dashboards using pre-built data models
- Develop Custom Content for Splunk UBA
- Fine-tuning of Anomalies and threats and triage of false positive threats
- Data Ingestion into Splunk UBA using Kafka Add-on for Splunk
- Configure Integrations with other Splunk Enterprise Products (Send notable events from Splunk Enterprise Security (ES) to Splunk UBA or send anomalies and threats from Splunk UBA to Splunk ES)
- Integrate Security workflows with Splunk / Third Party SOAR solutions
- Install and Upgrade Splunk UBA (Platform Releases, Maintenance and Patch Releases)
- Configure warm standby, restore from automated incremental backups.
- Monitor Health of Splunk UBA Environment (UBA Cluster) and keep it Healthy
- Keep Geo location data Up to Date in UBA
- Monitor Health of UBA Cluster to keep the cluster healthy
- Create and send alerts when data source ingestion has stopped to UBA
- Regular monitoring of UBA Licensing
- Customize UBA Functionality (Monitor Policy Violations, Customize Anomaly Action Rules & Anomaly Scoring Rules) to produce more relevant threats and anomalies for SOC Analysts
- Investigate Splunk UBA Entities using watchlists
- Creating and updating internal/external whitelisting of domains
- Ingest Updated HR data using LDAP in UBA on a regular basis.
- Use SOAR to automate Security Workflows
- Manage the stability and Availability of UBA Environment for the Customer.
- Strong understanding of Splunk Enterprise security, manage all its components, Create correlation searches to trigger notables, Use Case creation, Dashboards and Tuning, Managing permissions of all the Knowledge objects.
- Design and customise complex search queries, and promote advanced searching, forensics, and analytics.
- Maintain on-prem/cloud infrastructure, handle updates & troubleshooting, monitoring, log collection.
- Maintain both Linux and Windows servers, troubleshoot and fix issues, manage backups, and updates.
- Participate in both small agile focused projects, as well as large enterprise-wide projects.
- Collaborate with global team members based in different regions. Train and mentor.
- SOC operations for real-time monitoring, analyzing logs from various security/Industrial appliances.
- Support security incident response processes in the event of a security breach by providing incident reporting.
- Assist Customer in identification of searches to modify, based on daily notables and execution time
- Review the search implementation and suggest alternatives to tune performance and reduce number of notables - consider value provided by searches and recommend removal of low value searches
- Qualifications we are looking for: Bachelor of Science degree in Cyber Security or Computer Science, or equivalent experience.
- 5+ years experience in Splunk UEBA L3 Role
- Advanced knowledge of Linux operating system.
- Experience in working in a global, process-driven organisation.
- Highly motivated individual with the ability to self-start, prioritise, and multi-task
- Strong verbal/written communication and interpersonal skills.
- Ability to work independently on assigned tasks as well as delegate responsibilities to junior team members.

Minimum Certification:
Certified on Splunk Enterprise Security Certified Admin / Splunk Enterprise Certified Admin

Security Certifications - CEH/CHFI/GSEC/GMON/ITIL or CISA/CISSP/OSCP/GPYC/GREM or any equivalent Security Certification
- Key Skills
- SIEM, Splunk UBA
- cyber security, SOC, CEH, enterprise security, SOAR, Admin, Troubleshooting, Implementation, incident response, Fine Tuning, Linux, Splunk, Monitoring, Threat Management, ITIL, Threat

Education
- UG: B.Sc in Any Specialization, BCA in Any Specialization, B.Tech/B.E. in Any Specialization
- PG: MCA in Any Specialization, M.Tech in Any Specialization

**Company Profile**:
NMS Consultant

Leading MNC Company

**Salary**:
Not Disclosed by Recruiter

Industry:
IT Services & Consulting

Functional Area:
IT & Information Security

Role Category:
IT Infrastructure Services

Role:
IT Infrastructure Services - Other

Employment Type:
Full Time, Permanent

