Cyber Splunk Specialist Master (44347)
- Build relationships with clients and foster future working opportunities
- Lead teams of elite talent in delivering service to clients
- Perform Splunk configuration management and troubleshooting, and resolve complex issues, including day-to-day operations management related to Splunk.
- Log sources integration and onboarding including custom parser development and tuning. Develop scripts to simplify data collection and automate data onboarding tasks.
- Perform Splunk architecture assessments and design reviews, and identify areas for improvement.
- Help maintain content development/deployment baseline across clients based on the maturity of the client environment as well as the latest trends in security.
- Create Use Case pipeline per client environment, business needs and based on the industry leading standards, best practices and frameworks (like MITRE).
- Deliver SIEM advisory support and education to other SOC and technology management personnel.
- Help define, implement and monitor key risk indicators and key performance indicators (KRIs/KPIs).
- Keep abreast of latest IT security, regulatory and compliance trends to support various risk and data models.
- Review system security plans, network diagrams, and vulnerability and patching requirements.
- Perform quality review of HLUC, TUC, Use Case Testing, Parser, Runbooks and other Technical documents.
- Submit documentation through the Quality Review Management process.
- Mentor and train Splunk resources.
- Coordinate with various technical groups and attend in-person client meetings.
- Adhere to internal operational security and other Deloitte policies.
- Participate in short term project work as assigned.
- Design and implement unique data management solutions for some of the largest enterprises
- Bachelor of Engineering or Science in computers, information systems, information security, math, decision sciences, risk management, or other business/technology disciplines, or equivalent work experience
- 5+ years' experience in security information and/or technology engineering support.
- 4+ years' experience in project management or client services delivery.
- Certified Information Systems Security Professional (CISSP), GIAC Certified Intrusion Analyst, GIAC Continuous Monitoring (GMON), Certified Ethical Hacker (CEH) or equivalent
- Extensive experience in security technologies such as: Security Information and Event Management (SIEM), IDS/IPS, Data Loss Prevention (DLP), Proxy, Web Application Firewall (WAF), Endpoint Detection and Response (EDR), Anti-Virus, Sandboxing, network- and host-based firewalls, Threat Intelligence, Penetration Testing, etc.
- Knowledge of Advanced Persistent Threat (APT) tactics, techniques and procedures
- Understanding of possible attack activities such as network probing/scanning, DDoS, malicious code activity, etc.
- Understanding of common network infrastructure devices such as routers and switches
- Understanding of basic networking protocols such as TCP/IP, DNS, HTTP
- Detailed knowledge in system security architecture and security solutions
- Certified Splunk Admin, Power User, or equivalent skillset
- Travel up to 60% (While 60% of travel is a requirement of the role, due to COVID-19, non-essential travel has been suspended until further notice)
- Limited immigration sponsorship may be available
- Splunk data onboarding
- Splunk App/TA configuration
- CIM validation
- Universal/Heavy Forwarder configuration experience
  - Including encryption and compression settings
- Management/deployment experience with large scale/distributed Splunk environments
- Excellent interpersonal and organizational skills
- Excellent oral and written communication skills
- Strong analytical and problem-solving skills
- Self-motivated to improve knowledge and skills
- A strong desire to understand the what as well as the why and the how of security incidents