Splunk/SIEM Admin

3 days ago


Hyderabad, Telangana, India | UST | Full time | ₹12,00,000 - ₹24,00,000 per year

Role Description
Role Proficiency:

Take the lead in monitoring and maintenance across a global customer base for the respective SIEM or EDR technology, taking ownership of issues through to and including resolution.

Outcomes

  • Monitor, investigate and provide meaningful resolution for tickets and issues across multiple customers for the specified SIEM or EDR type. Escalate observed issues to a team member where appropriate to ensure optimal performance of the supported platform.
  • Contribute to the evolution of the wider team's capabilities to help deliver CyberProof's strategic vision for global managed SIEM services.
  • Build strong relationships with customers and key stakeholders to ensure customer requirements and needs are fulfilled.
  • Take ownership of personal workload, acting as a role model for peers. Continuously seek to improve the service offered to global customers.
  • Act as a Subject Matter Expert for the respective technology, both internally within CyberProof and for managed clients, providing input for key in-life services within CyberProof.
  • Assist with service and change requests for the platform types, such as access requests, as well as more targeted requests for specific modules on the platform, such as dashboard creation, query support and investigation of more complex issues.
  • Proactively develop and maintain documentation and knowledge articles for wider members of the team relating to the customers supported.
  • Ensure in-life requests are being actioned in a timely manner for self and junior roles.
  • Provide assistance and mentorship for global team members both within and outside the

Measures Of Outcomes

  • Percent of adherence to processes and methodologies:
    a. Percent of adherence to SLAs for in-life ticketing processes.
    b. Percent of adherence to workflows and completeness of the audit trail for all activities undertaken.
  • Productivity score maintained:
    a. Number of issues identified early where delivery of tasks or workload is at risk.
    b. Number of escalations raised with effective evidence during triage.
  • Number of identified opportunities implemented to enhance change and process documentation so that it remains relevant for the broader team.
  • Number of relevant skill-related training and development activities undertaken, evidenced by certification.

Outputs Expected
Technical Expertise:

  • Show strong comprehension of and experience with the specific SIEM or EDR platform that the specialist is working on.
  • Take the lead on identifying issues with the specified platform type or its supporting infrastructure.
  • Identify and implement technical solutions to issues with queries, rules, dashboards and data feeds.

Platform Management – Incidents And Requests

  • Provide accurate updates to the appropriate Service and Change Requests, ensuring an audit trail is preserved and SLAs are achieved.
  • Proactively identify issues through behavioural analysis and pattern recognition, with suggestions and plans for achieving resolution.
  • Provide leadership and support to junior members.

Stakeholder Focus

  • Comfortable with and aware of the customers supported. Capable of supporting QBR preparation and delivery as required.
  • Ensure relevant reporting metrics and customer information are provided in a timely manner. Engage with the customer, TAM and project team where required.
  • Ensure customer specific processes are being followed.
  • Undertake mandatory and proactive learning and development opportunities.

Skill Examples

  • Excellent communication skills with both internal and external stakeholders
  • Willingness to undergo a background check/validation to ensure integrity.
  • Ability to work unsupervised with the assigned SIEM or EDR technologies and their supporting infrastructure.
  • Aptitude for identifying objectives and priorities for the broader team, and for identifying successes and failings.
  • Capacity to work with multiple query languages, with a full end-to-end skill set from onboarding and parsing a log source through to exploiting it via analytics or rulesets.
  • Sufficient experience and confidence in the target toolset to mentor and upskill junior members.
  • Strong analytical skills working across multiple technologies and customers, with sufficient competence to draft support documentation for internal or external use.

Knowledge Examples

  • Experience in working with Security Operations and/or EDR/SIEM Platform Management roles.
  • An understanding of various Security Frameworks and Security controls with a focus on IT.
  • Multiple years of experience working as part of an MSSP-style environment with different customer types.
  • Detailed knowledge of specific SIEM or EDR technology as well as how the capability can be utilised to support operations.
  • Experience and knowledge of how to utilise Big Data and Data manipulation.
  • Desirable: Certifications in IT infrastructure / SIEM / EDR / Ethical Hacking
  • Desirable: Academic qualifications and/or relevant work experience in lieu of qualifications.

Additional Comments
SIEM Platform Administration

  • Deploy, configure, and maintain Splunk environments.
  • Manage data ingestion pipelines, connectors, and log sources across hybrid and multi-cloud environments.
  • Monitor system health, performance, upgrades and capacity planning for SIEM platforms.
  • Implement and maintain role-based access controls (RBAC) and ensure compliance with security policies.
  • Develop and maintain automation scripts for operational efficiency.
  • Support the development and deployment of custom parsers, dashboards, and reports.
  • Troubleshoot and resolve issues related to system uptime and availability, data ingestion, parsing, and correlation.
  • Administer and optimize Cribl environments including Stream, Search, and Lake.
  • Design and implement enterprise deployments with worker groups, routes, sources, and destinations.
  • Develop and maintain advanced pipelines for data parsing, enrichment, and routing.
  • Collaborate with stakeholders to gather requirements and deliver tailored observability solutions.
  • Integrate Cribl with platforms like Splunk
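The pipeline duties listed above (parse a log source, normalise it, enrich it, route or drop it) and the ingestion troubleshooting they imply can be sketched in a few dozen lines. The block below is an added illustration written for this page; it is not Splunk, Cribl or CyberProof code and does not use either product's API. The syslog lines, the asset-role table, the destination names and the thresholds are all constructed, and every function name is hypothetical. Beyond the duties as listed, it also shows the two checks an administrator typically layers on top of a pipeline: a per-source silence detector for feeds that stop sending, and a simple failed-login correlation over the normalised events.

```python
"""Toy ingestion pipeline: parse -> normalise -> enrich -> route, plus feed-health
and correlation checks. Added illustration only; not Splunk or Cribl code."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: RFC 3164-style syslog with sshd auth events, one
# DEBUG line we want to drop, and one line that no parser will match.
SAMPLE_LOGS = [
    "2024-05-01T09:50:00Z db01 sshd[880]: Accepted publickey for deploy from 198.51.100.9 port 5001 ssh2",
    "2024-05-01T10:00:01Z web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 4411 ssh2",
    "2024-05-01T10:00:03Z web01 sshd[1201]: Failed password for root from 203.0.113.7 port 4412 ssh2",
    "2024-05-01T10:00:06Z web01 app[77]: DEBUG cache warm complete",
    "2024-05-01T10:00:09Z web01 sshd[1201]: Failed password for root from 203.0.113.7 port 4413 ssh2",
    "this line has no syslog structure at all",
]

SYSLOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<prog>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SSHD_RE = re.compile(
    r"^(?P<action>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src_ip>[\d.]+) port (?P<src_port>\d+)"
)

# Hypothetical asset inventory used for enrichment (assumed host -> role mapping).
ASSET_ROLE = {"web01": "dmz-web", "db01": "internal-db"}


def utc(ts):
    """Parse a 'Z'-suffixed ISO-8601 timestamp into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def parse(line):
    """Parse one syslog line into a normalised event dict, or None if unparseable."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ev = {"_time": utc(m["ts"]), "host": m["host"], "sourcetype": m["prog"],
          "message": m["msg"], "_raw": line}
    if m["prog"] == "sshd":
        s = SSHD_RE.match(m["msg"])
        if s:  # normalise to a common auth schema (action/user/src_ip/...)
            ev.update(action="failure" if s["action"] == "Failed" else "success",
                      user=s["user"], src_ip=s["src_ip"],
                      src_port=int(s["src_port"]), auth_method=s["method"])
    return ev


def enrich(ev):
    """Attach the asset role so downstream rules can key on host function."""
    ev["host_role"] = ASSET_ROLE.get(ev["host"], "unknown")
    return ev


def route(ev):
    """Destination for an event: drop DEBUG noise, auth events to 'security', rest to 'archive'."""
    if ev["message"].startswith("DEBUG"):
        return None
    if ev.get("action") in ("failure", "success"):
        return "security"
    return "archive"


def run_pipeline(lines):
    """Run every line through parse/enrich/route; unparseable lines are kept under '_unparsed'."""
    out = defaultdict(list)
    for line in lines:
        ev = parse(line)
        if ev is None:
            out["_unparsed"].append(line)  # never silently discard: this is a parser gap
            continue
        dest = route(enrich(ev))
        if dest is not None:
            out[dest].append(ev)
    return out


def silent_sources(events, now, max_gap_s):
    """Hosts whose newest event is older than max_gap_s seconds: a stopped feed, not a quiet one."""
    last_seen = {}
    for ev in events:
        last_seen[ev["host"]] = max(last_seen.get(ev["host"], ev["_time"]), ev["_time"])
    return sorted(h for h, t in last_seen.items() if (now - t).total_seconds() > max_gap_s)


def failed_logins_by_src(events, threshold):
    """Source IPs with at least `threshold` authentication failures in the batch."""
    counts = defaultdict(int)
    for ev in events:
        if ev.get("action") == "failure":
            counts[ev["src_ip"]] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    res = run_pipeline(SAMPLE_LOGS)
    print({k: len(v) for k, v in res.items()})
    print("silent:", silent_sources(res["security"], utc("2024-05-01T10:01:00Z"), 120))
    print("brute-force candidates:", failed_logins_by_src(res["security"], 3))
```

Two design points carry over to a real Splunk or Cribl deployment: unparseable lines are counted rather than dropped, because a rising `_unparsed` count is the first sign of a changed log format, and the silence check runs on event timestamps rather than ingest time, so a feed that replays old data does not mask an outage.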

Required Qualifications & Experience

  • 5+ years of experience in IT/Security operations, with at least 3 years in SIEM administration and Cribl data ingestion pipelines.
  • Proven hands-on experience with Splunk Enterprise/Splunk Cloud and Cribl.
  • Strong knowledge of log management, data normalisation, and security event correlation.
  • Experience with Splunk Search Processing Language (SPL) and scripting languages.
  • Familiarity with cloud platforms and hybrid environments.
  • Understanding of security frameworks (MITRE ATT&CK, NIST, ISO).
  • Proven experience with Cribl Stream, Search, and Lake.
  • Experience with Linux, Python, Regex, and JavaScript.

Preferred Skills

  • Experience with SIEM platforms (e.g. Splunk (SPL)) and Cribl.
  • Certifications such as Splunk Certified Admin or Splunk Certified Architect
  • Cribl certifications preferred: CCOE User/Admin, Cribl Certified Engineer
  • Exposure to compliance standards like GDPR, HIPAA, PCI-DSS.
  • Strong analytical, communication, and documentation skills.

Skills
Splunk, Cribl, Cyber Security, Platform Admin, Platforms
