- Willingness to work 24x7 Security Operation Center (SOC) environment.
- Creating dashboards, user management, Splunk configuration, and event backup; expertise in managing the Splunk Enterprise Security platform.
- Familiarity with Splunk architecture and integration; configuring log sources for a variety of environments.
- Experience managing a distributed Splunk environment consisting of search heads, indexers, cluster masters, deployers, deployment servers, and heavy/universal forwarders.
- Experience developing operational and executive dashboards, reports, alerts, and visualizations, and optimizing searches.
- Implementing new data sources.
- Provide analysis and trending of security log data from various devices.
- Provide Incident Response (IR) support when analysis confirms an actionable incident.
- Provide threat and vulnerability analysis as well as security advisory services.
- Analyze and respond to previously undisclosed software and hardware vulnerabilities.
- Investigate, document, and report on information security issues and emerging trends.
- On-call duties to quickly respond to and remediate P1 and P2 incidents.
- Response to and participation in critical incidents as part of an Emergency Response Team (ERT).
- Knowledge of Windows and Linux platforms and of security applications such as CrowdStrike EDR, Zscaler, Azure Identity Protection, etc.