
Security Operations Center Analyst


Persistent Systems


Location

Pune | India


Job description

About Position:

Candidates should have experience with Splunk Enterprise / Cloud (deployment, administration and development).

Role: SOC L3 Analyst
Location: Pune, Hyderabad
Experience: 5-8 Years
Job Type: Full-time

What you’ll do:

- Deploy and configure the Splunk platform (Enterprise) / Splunk Cloud.
- Demonstrate Splunk Core capabilities to prospective clients.
- Optimize Splunk platform architecture for large-scale and distributed deployments.
- Adopt best practices and development standards, and deploy the same.
- Develop and fine-tune Splunk security monitoring rules, and write Splunk Alert Detection Strategy (ADS) templates.
- Develop and customize Splunk apps and dashboards, building advanced visualizations.
- Analyze and triage security alerts generated by the SOC tools, making informed decisions on the appropriate response.
- Respond to security incidents, taking appropriate actions to contain, mitigate, and remediate security threats.
- Collaborate with other members of the SOC team, as well as internal and external stakeholders, to resolve complex security incidents.
- Keep up to date with the latest cybersecurity threats, trends, and technologies to improve the efficiency and effectiveness of incident response.
- Document security incidents, responses, and related information in accordance with established procedures.
- Mentor and train lower-level SOC technicians on the use of the SOC tools and incident response best practices.

Expertise you’ll bring:

- Good understanding of cyber-attack methods and tactics, to perform advanced analysis of security logs in order to detect unauthorized behavior.
- Execute the incident response process when a security incident has been declared.
- Maintain logs related to network functions, as well as maintenance and repair records.
- Document and present findings to management in a form suitable for the customer.
- Administer production systems on the Splunk platform with multiple data sources (metrics, Windows sources, HEC, etc.).
- Good knowledge of administering Splunk indexer clusters and search head clustering, and of maintaining KV Stores, macros and views.
- Working knowledge of an enterprise log management tool is a must.
- Knowledge of Splunk .conf files, administering Splunk on Linux systems, and Splunk data retention policies.
- Splunk log source integration.
- Execute migrations/upgrades of the Splunk platform.
- Perform in-depth diagnosis of security incidents, identifying root causes and updating security incident reports with detailed RCA aligned with NIST and ISO 27001.
- Document resolved issues effectively for knowledge management.
- Cross-train peers on tool usage and assist in creating best practices.
- Work independently on multiple assignments, proactively prioritizing focus and effort.
- Hands-on knowledge of deployment, administration, and development of the Splunk Enterprise and Cloud platform.
- Implement and maintain Splunk platform infrastructure and configuration.
- Provide day-to-day operational and user support.
- Execute new projects, data onboarding, and user onboarding.
- Integrate other tools such as JIRA, ServiceNow, Jenkins, AWS, IBM QRadar, and PowerBI with Splunk using third-party apps.
- Proficient in writing SPL queries for security event monitoring & alerting and advanced threat hunting, including fine-tuning queries for performance / false positives and writing new queries for coverage against MITRE.
- Experience in advanced-level dashboarding, scheduled jobs, data models, lookups, and other knowledge objects.
- Experience in performance optimization of existing dashboards, reports, and alerts.
- Experience with MLTK and DB Connect apps, and proficiency in at least one scripting tool (Python / Shell).

Benefits:

- Competitive salary and benefits package
- Culture focused on talent development, with quarterly promotion cycles and company-sponsored higher education and certifications
- Opportunity to work with cutting-edge technologies
- Employee engagement initiatives such as project parties, flexible work hours, and Long Service awards
- Annual health check-ups
- Insurance coverage: group term life, personal accident, and Mediclaim hospitalization for self, spouse, two children, and parents

Our company fosters a values-driven and people-centric work environment that enables our employees to:

- Accelerate growth, both professionally and personally
- Impact the world in powerful, positive ways, using the latest technologies
- Enjoy collaborative innovation, with diversity and work-life wellbeing at the core
- Unlock global opportunities to work and learn with the industry’s best

Let’s unleash your full potential at Persistent

“Persistent is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind.”

