Splunk Security Analyst - Threat Detection & Response

TC-CS-CDR-Splunk-Staff

At EY, we’re all in to shape your future with confidence. 

We’ll help you succeed in a globally connected powerhouse of diverse teams and take your career wherever you want it to go. 

Join EY and help to build a better working world. 

 

Staff (CTM – Threat Detection & Response)

 

KEY Capabilities:

• Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
• Minimum of Splunk Power User Certification
• Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, Bash, etc.
• Assist in remote and on-site gap assessment of the SIEM solution.
  • Work on defined evaluation criteria & approach based on the Client requirement & scope factoring industry best practices & regulations
  • Assist in interview with stakeholders, review documents (SOPs, Architecture diagrams etc.)
  • Asist in evaluating SIEM based on the defined criteria and prepare audit reports
• Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
• Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers
  • Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
  • Experience in parsing and masking of data prior to ingestion in SIEM
  • Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
  • Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
  • Assist client with technical guidance to configure their log sources (in-scope) to be integrated to the SIEM
• Experience in SIEM content development which includes :
  • Hands-on experience in development and customization of Splunk Apps & Add-Ons
  • Builds advanced visualizations (Interactive Drilldown, Glass tables etc.)
  • Build and integrate contextual data into notable events
  • Experience in creating use cases under Cyber kill chain and MITRE attack framework
  • Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications.
  • Sound knowledge in configuration of Alerts and Reports.
  • Good exposure in automatic lookup, data models and creating complex SPL queries.
  • Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
  • Experience in creating custom commands, custom alert action, adaptive response actions etc.

 

Qualification & experience:

• Minimum of 3 years’ experience in Splunk and 3 to 5 years of overall experience with knowledge in Operating System and basic network technologies
• Experience in SOC as L1/L2 Analyst will be an added advantage
• Strong oral, written and listening skills are an essential component to effective consulting.
• Good to have knowledge of Vulnerability Management, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting
• Certification in any other SIEM Solution such as IBM QRadar, Exabeam, Securonix will be an added advantage
• Certifications in a core security related discipline (CEH, Security+, etc.) will be an added advantage.

EY | Building a better working world

EY is building a better working world by creating new value for clients, people, society and the planet, while building trust in capital markets.

Enabled by data, AI and advanced technology, EY teams help clients shape the future with confidence and develop answers for the most pressing issues of today and tomorrow.

EY teams work across a full spectrum of services in assurance, consulting, tax, strategy and transactions. Fueled by sector insights, a globally connected, multi-disciplinary network and diverse ecosystem partners, EY teams can provide services in more than 150 countries and territories.

Experience Level

Senior Level