Vacancy expired!
- Advanced Splunk administration and development efforts, with a goal toward enhancing/building out the Splunk Enterprise Security SAAS infrastructure as it relates to application/machine logs, troubleshooting, reporting, custom queries, dashboards, and security roles administration.
- Design and customize complex search queries, Develop dashboards, data models, reports and optimize their performance
- Monitoring and troubleshooting Splunk SaaS environment. This includes Universal Forwarders, Heavy Forwarders, Clustered Indexing tier, distributed search heads, Splunk peering and Splunk Enterprise Security
- Maintain all components of a distributed SPLUNK SaaS infrastructure including indexer clusters, search head clusters, and deployment servers Provide overall management of the SPLUNK platform
- Creating shell scripts to install Splunk forwarders on all the servers with configuration files such as, inputs.conf, props.conf, etc.
- Working as Splunk content expert and guide administrators in tuning the Splunk SIEM to reduce false positives
- Working with multiple data source owners to onboard data sources by parsing and normalizing the data by following best practices
- Guide Splunk teams in developing advanced connectors of all types, Eg: dbConnect app in Splunk
- Conduct threat surface risk assessment and log sources relevant to be monitored for threats, including identifying event enablement required for potential use cases. This will include cloud infra and integration of cloud events into Splunk ES
- Use case development leveraging all product features (trends, variables, hierarchical architectures, correlation and pattern discovery)