EY- GDS- Cybersecurity- NGSO Consultant- Senior
Miguel Hidalgo, MX, 11520
EY
Mit unseren vier integrierten Geschäftsbereichen — Wirtschaftsprüfung und prüfungsnahe Dienstleistungen, Steuerberatung, Unternehmensberatung und Strategy and Transactions — sowie unserem Branchenwissen unterstützen wir unsere Mandanten dabei,...Senior (CTM – Threat Detection & Response)
KEY Capabilities:
- Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
- Minimum of Splunk Power User Certification
- Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, Bash, etc.
- Perform remote and on-site gap assessment of the SIEM solution.
- Define evaluation criteria & approach based on the Client requirement & scope factoring industry best practices & regulations
- Conduct interview with stakeholders, review documents (SOPs, Architecture diagrams etc.)
- Evaluate SIEM based on the defined criteria and prepare audit reports
- Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
- Understand customer requirements and recommend best practices for SIEM solutions.
- Offer consultative advice in security principles and best practices related to SIEM operations
- Design and document a SIEM solution to meet the customer needs
- Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers
- Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
- Experience in parsing and masking of data prior to ingestion in SIEM
- Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
- Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
- Assist client with technical guidance to configure end log sources (in-scope) to be integrated to the SIEM
- Experience in handling big data integration via Splunk
- Expertise in SIEM content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems
- Hands-on experience in development and customization of Splunk Apps & Add-Ons
- Builds advanced visualizations (Interactive Drilldown, Glass tables etc.)
- Build and integrate contextual data into notable events
- Experience in creating use cases under Cyber kill chain and MITRE attack framework
- Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications.
- Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as ES App, UEBA, ITSI etc
- Sound knowledge in configuration of Alerts and Reports.
- Good exposure in automatic lookup, data models and creating complex SPL queries.
- Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
- Work with the client SPOC to for correlation rule tuning (as per use case management life cycle), incident classification and prioritization recommendations
- Experience in creating custom commands, custom alert action, adaptive response actions etc.
Qualification & experience:
- Minimum of 5 to 11 years’ experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
- Strong oral, written and listening skills are an essential component to effective consulting.
- Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary.
- Must have knowledge of Vulnerability Management, Windows and Linux basics including installations, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting.
- Good to have below mentioned experience with designing and implementation of Splunk with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management
- Multiple cluster deployments & management experience as per Vendor guidelines and industry best practices
- Troubleshoot Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues
- Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix will be an added advantage
- Certifications in a core security related discipline will be an added advantage.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Job stats:
1
0
0
Category:
Consulting Jobs
Tags: Analytics Bash Big Data Cyber Kill Chain Exabeam JavaScript Linux Monitoring PowerShell Python QRadar Scripting SIEM Splunk Threat detection Vulnerability management Windows XML
Region:
North America
Country:
Mexico
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.
Information System Security Officer jobsSenior Cloud Security Engineer jobsSenior Security Analyst jobsInformation Security Manager jobsSenior Cybersecurity Engineer jobsInformation Security Specialist jobsSenior Network Security Engineer jobsSecurity Consultant jobsIT Security Engineer jobsSenior Penetration Tester jobsSenior Information Security Analyst jobsSecurity Specialist jobsCyber Security Specialist jobsSenior Cyber Security Engineer jobsChief Information Security Officer jobsInformation System Security Officer (ISSO) jobsIT Security Analyst jobsSystems Engineer jobsStaff Security Engineer jobsPrincipal Security Engineer jobsCloud Security Architect jobsSenior Product Security Engineer jobsSystems Administrator jobsCyber Security Architect jobsSecurity Operations Analyst jobs
CI/CD jobsMalware jobsSaaS jobsForensics jobsEDR jobsSDLC jobsEncryption jobsIDS jobsBash jobsSplunk jobsTop Secret jobsIPS jobsRMF jobsOWASP jobsIntrusion detection jobsSQL jobsThreat detection jobsCompTIA jobsFinance jobsDocker jobsDoDD 8570 jobsITIL jobsCRISC jobsActive Directory jobsGIAC jobs
VPN jobsHIPAA jobsTCP/IP jobsMITRE ATT&CK jobsTerraform jobsOSCP jobsUNIX jobsIT infrastructure jobsBanking jobsClearance Required jobsSANS jobsPolygraph jobsJavaScript jobsDNS jobsCISO jobsSOX jobsSOC 2 jobsAnsible jobsCCSP jobsJira jobsData Analytics jobsSOAR jobsIndustrial jobsCyber defense jobsGCIH jobs