GMS-Senior-Technology Specialist -Splunk SIEM- UEBA TechOps
Bengaluru, KA, IN, 560016
EY
Mit unseren vier integrierten Geschäftsbereichen — Wirtschaftsprüfung und prüfungsnahe Dienstleistungen, Steuerberatung, Unternehmensberatung und Strategy and Transactions — sowie unserem Branchenwissen unterstützen wir unsere Mandanten dabei,...At EY, you’ll have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. And we’re counting on your unique voice and perspective to help EY become even better, too. Join us and build an exceptional experience for yourself, and a better working world for all.
CMS TDR Senior (TechOps)
KEY Capabilities:
- Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
- Minimum of Splunk Power User Certification
- Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, Bash, etc.
- Perform the below Splunk UEBA activities
- Implement and manage Splunk UEBA solutions to monitor and analyze user and entity behavior
- Develop and tune UEBA models and alerts to detect anomalies and potential security incidents
- Creating custom models and rules to detect specific behaviors of interest within the network.
- Collaborating with security analysts to refine detection capabilities and improve the overall security posture.
- Stay updated with the latest threats and trends in cybersecurity, focusing on user behavior analytics
- Expertise in SIEM content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems
- Hands-on experience in development and customization of Splunk Apps & Add-Ons
- Builds advanced visualizations (Interactive Drilldown, Glass tables etc.)
- Build and integrate contextual data into notable events
- Experience in creating use cases under Cyber kill chain and MITRE attack framework
- Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications.
- Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as ES App, UEBA, ITSI etc
- Sound knowledge in configuration of Alerts and Reports.
- Good exposure in automatic lookup, data models and creating complex SPL queries.
- Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
- Work with the client SPOC to for correlation rule tuning (as per use case management life cycle), incident classification and prioritization recommendations
- Experience in creating custom commands, custom alert action, adaptive response actions etc.
Qualification & experience:
- Minimum of 3 to 7 years’ experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
- Strong oral, written and listening skills are an essential component to effective consulting.
- Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary.
- Must have knowledge of Vulnerability Management, Windows and Linux basics including installations, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting.
- Good to have below mentioned experience with designing and implementation of Splunk with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management
- Multiple cluster deployments & management experience as per Vendor guidelines and industry best practices
- Troubleshoot Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues
- Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix will be an added advantage
- Certifications in a core security related discipline will be an added advantage.
EY | Building a better working world
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.
Enabled by data and technology, diverse EY teams in over 150 countries provide trust through assurance and help clients grow, transform and operate.
Working across assurance, consulting, law, strategy, tax and transactions, EY teams ask better questions to find new answers for the complex issues facing our world today.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Bash Cyber Kill Chain Exabeam JavaScript Linux Monitoring PowerShell Python QRadar Scripting SIEM Splunk Strategy Vulnerability management Windows XML
Perks/benefits: Career development
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.