Splunk Engineer

Company Overview:

Stratogent does IT and Cybersecurity operations.

We build and operate complex infrastructure across on-premise, data centers, and clouds. We wrap any compute-storage-network platform with monitoring, automation and security services so customers can sleep while we cure failures and block threats.

If Googles mission is to "organize the world's information", ours is to "operate the world's infrastructure". We aren't quite there yet, so we focus on being the best at knowing and doing operations for mid-size, high-touch and high-change IT environments. Our customer base is made up of progressive companies who are flag bearers of new technology adoption and are risk-takers. We have participated in successful (and failed) projects and bring that accumulated experience to each of our clients.

Since 2008, we have acted as an extension of internal IT and Security teams and along the way achieved a community of highly satisfied clients who rave about our "no-fluff just stuff" style.

Job description:

• The primary responsibility is to work on the existing or new Incidents, Service Requests, and Tasks
• Triage the unresolved incidents or Requests to Leads

Business Relationships:

• Continually communicates with Leads and Customers

Key Responsibilities

Process

• Day to day Operational issues, requests and Project tasks
• Incident response and resolution within SLA's with excellent analytical and troubleshooting skills
• Providing all the necessary details to leads about the issue, steps taken, recommendation and any other relevant information
• Ticket Status Check and Update
• Respond to False Positive Alerts
• Incident Escalation and Progress Monitoring
• Create, review, update, and maintain Standard Operating Procedures.
• Prepare RCA for the escalated incidents.
• Perform the Shift handovers

SPLUNK

• Configure and troubleshoot Splunk components such as indexer, forwarder, search head, etc
• Comfortable with Splunk queries to create Splunk dashboards.
• Configuring Splunk as per the Best Practices (apps, add-ons, searches, etc).
• Creates, modifies, and updates Security Information Event Management rules.
• Recognizes potential, successful and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail.
• Triage of non-security alerts based on priority, problem identification and escalation.
• Escalate to designated contacts within Stratogent and Customer for issues outside SOPs, or when SOPs fail to resolve the issue.
• Utilize Security Information and Event Management to monitor data flow between networks.
• Work directly with delivery teams or customers to gather logging requirements.
• Convert Logging requirements into Splunk designs following best practices.
• Perform environment health checks.
• Troubleshoot Issues
• Update and / or create technical documentation.

Security:

• Leads the escalation as a point for security incidents.
• Analyze & investigate cyber threats on a real-time/day-to-day basis, involving alerts review, log analysis, and event/incident correlations.
• Prepare Document and Maintain Procedures, Response Plan, Runbooks, and associated processes for continuous improvement.
• Assist L1/L2 for security event and initial incident response to detected threats.
• Regularly review and recommend changes to policies or controls as needed to enhance security.
• Identifies potential gaps and offers solutions to include internal team needs, product improvements and client security posture.
• Develop reporting with focused messages to enable the stakeholders to understand their and responsibilities.
• Train and mentor, the peers and juniors in the team.

Must-have Skills: Prior Working Experience

• Must have worked on Splunk
• Performing incident handling, evidence acquisition, endpoint and Network,and Security Incident management
• Customer-focused
• Excellent communication skills (reading, writing, speaking and listening)
• Highly self-motivated and directed.
• Excellent attention to detail.
• Flexibility and willingness to work on different and multiple technologies
• Ability to effectively prioritize, organize and execute tasks in a high-pressure environment

Good to have skills: Prior Work Experience

• Worked on any of the IAM and PAM tools.
• Certifications in Enterprise Admin or Cloud Admin of Splunk is an advantage
• Prior training and certification in communication is added advantage

KRA

• Adherence to ticket creation within SLA
• Adherence to SLA in incident/request handling
• Make the incident handling experience better for the customer (internal team/ external customer)
• High quality ticket updates
• Troubleshooting tasks with proper perspective
• Keep the Leads informed of task accomplishment, issues and status
• Training and mentoring peers and Juniors

Soft skills

• Excellent communication skills – Written and Verbal
• Enjoys sharing information with others
• Team player
• Passion for work
• Learning Orientation