Splunk SME Specialist - Cumulus Systems Private Limited

(HIL) DELHI - RHQ

Hitachi

Official website of Hitachi, Ltd. Hitachi drives Social Innovation Business, creating a sustainable society with data and technology. We will solve customers' and society's challenges with Lumada solutions leveraging IT, OT (Operational...


Location:

Pune, Maharashtra, India

Job ID:

R0068276

Date Posted:

2024-12-05

Company Name:

HITACHI INDIA PVT. LTD

Profession (Job Category):

Other

Job Schedule: 

Full time

Remote:

No

Job Description:

Job Title: Splunk SME Specialist - Cumulus Systems Private Limited

Grade: Specialist

Location: Pune, Maharashtra

Type of Employment: Permanent, Regular

Salary Range: As per the industry

Company: Cumulus Systems Private Limited (A Group Company of Hitachi)

Roles & Responsibilities:

1. Experience and Technical Expertise:

  • Strong experience (3+ years) working with Splunk in a security operations environment.

  • Deep knowledge of Splunk's components (indexers, forwarders, search heads, and deployment servers).

  • Experience in creating and tuning SPL queries, developing Splunk apps, and managing Splunk Enterprise Security (ES).

  • Hands-on experience in data parsing, normalization, and event correlation using Splunk.

  • Proficient in integrating third-party tools, such as firewalls, intrusion detection systems (IDS), and vulnerability scanners, with Splunk.

2. Security Knowledge:

  • Strong understanding of SIEM use cases for security monitoring and incident detection.

  • Knowledge of network security, endpoint security, cloud security, and threat intelligence integration within a SIEM context.

  • Experience in detecting and responding to cybersecurity threats (e.g., malware, DDoS attacks, insider threats, APTs).

3. Cloud and Hybrid Environments:

  • Experience with hybrid environments, where on-premises and cloud data sources are integrated into Splunk.

  • Familiarity with deploying and managing Splunk in cloud environments (e.g., AWS, Azure, Google Cloud).

4. Collaboration and Communication:

  • Strong communication skills to work with cross-functional teams (SOC, IT, Compliance, etc.) and translate security data into actionable business insights.

  • Ability to communicate technical information effectively to both technical and non-technical stakeholders.
5. Problem-Solving and Troubleshooting:

  • Strong troubleshooting skills, particularly when dealing with complex data integration or performance issues in a Splunk environment.

  • Ability to identify root causes of security issues and design effective solutions using Splunk.
6. Data Analytics and Reporting Skills:

  • Ability to design and build custom dashboards, reports, and alerts to provide actionable insights from security data.

  • Proficiency in data visualization to communicate findings to both technical and non-technical stakeholders.

  • Knowledge of KPI and metric tracking for security and operational effectiveness.

7. Scripting and Automation:

  • Proficiency in scripting languages such as Python, Bash, or PowerShell for automation tasks.

  • Experience with Splunk REST API or SDKs to automate processes or integrate Splunk with other tools in the ecosystem.

8. Certifications:

  • Splunk Certified Power User or Splunk Certified Admin certification is typically required or highly preferred.

  • Splunk Certified Security Admin or Splunk Certified Security Specialist for those focusing on security-related roles.
Roles and Responsibilities of a Splunk SME: (Standard)

1. Splunk Platform Implementation and Configuration:

  • Lead the deployment, configuration, and integration of Splunk with various data sources and security tools.

  • Ensure that Splunk instances (indexers, forwarders, search heads) are set up correctly and optimized for performance.

  • Customize Splunk for different security use cases (e.g., monitoring, incident detection, compliance reporting).
2. Data Collection and Ingestion:

  • Configure data inputs, forwarders, and data parsers for various log sources (e.g., network devices, firewalls, endpoints, servers).

  • Set up log forwarding and ensure efficient and secure data collection from a wide range of security and IT systems.

  • Ensure data normalization and correlation to make it usable for analysis and detection.
3. Search and Query Optimization:

  • Design and develop complex SPL (Search Processing Language) queries to analyse security data.

  • Optimize searches for performance and efficiency, especially when working with large datasets.

  • Create and maintain reports, dashboards, and alerts for security monitoring and incident response.
4. Incident Detection and Response:

  • Use Splunk to monitor security events in real-time, identifying potential threats and anomalies.

  • Configure and fine-tune Splunk's correlation searches and alerts to ensure accurate detection of security incidents (e.g., intrusions, breaches).

  • Work with security operations teams to investigate incidents and provide actionable insights from Splunk data.
5. Security Monitoring and Threat Intelligence Integration:

  • Integrate external threat intelligence feeds into Splunk to enhance security monitoring.

  • Leverage Splunk’s machine learning capabilities to identify patterns of suspicious activity.

  • Create custom detection rules, machine learning models, and analytics to detect emerging threats.
6. Reporting and Compliance:

  • Generate and deliver automated security reports (e.g., for compliance frameworks like GDPR, PCI-DSS, HIPAA).

  • Ensure that Splunk data is properly indexed, categorized, and stored to support compliance and auditing requirements.

  • Create dashboards and visualizations for executives, managers, and technical teams to track security posture.
7. Splunk Tuning and Optimization:

  • Perform regular health checks of the Splunk environment to ensure high availability, scalability, and performance.

  • Tune Splunk configurations (indexing, search, data storage) to maintain optimal performance, especially during peak event loads.

  • Troubleshoot and resolve issues related to Splunk performance, data accuracy, or integration challenges.
8. Collaboration and Knowledge Sharing:

  • Work with other security teams (e.g., SOC, Incident Response, Threat Intelligence) to align Splunk’s capabilities with organizational security needs.

  • Provide training, mentoring, and best practices for other Splunk users and administrators.

  • Stay up to date with new features, apps, and updates to Splunk, and share knowledge with the team.
9. Documentation and Standards:

  • Maintain comprehensive documentation for Splunk configurations, use cases, search queries, and data pipelines.

  • Develop standard operating procedures (SOPs) for various Splunk-related tasks (e.g., creating reports, handling incidents, data ingestion).

  • Document Splunk customizations, integration processes, and automation to ensure consistency across teams.

Tags: APIs AWS Azure Data Analytics Data pipelines Data visualization GCP Google Cloud Machine Learning ML models Pipelines Python REST API Security Splunk

Perks/benefits: Team events

Region: Asia/Pacific
Country: India