
EY Senior Consultant - Global Mobility Assignment Services London 
United Kingdom, England, London 
925389299


KEY Capabilities:

  • Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
  • Minimum of Splunk Power User Certification
  • Good knowledge of programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
  • Assist in remote and on-site gap assessments of the SIEM solution.
  • Work on defined evaluation criteria and approach based on the client's requirements and scope, factoring in industry best practices and regulations
  • Assist in interviews with stakeholders and review documents (SOPs, architecture diagrams, etc.)
  • Assist in evaluating the SIEM based on the defined criteria and prepare audit reports
  • Good experience in providing consulting to customers during the testing, evaluation, pilot, production and training phases to ensure a successful deployment.
  • Experience in onboarding data into Splunk from various sources including unsupported (in-house built) by creating custom parsers
  • Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
  • Experience in parsing and masking of data prior to ingestion in SIEM
  • Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
  • Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
  • Assist client with technical guidance to configure their log sources (in-scope) to be integrated to the SIEM
  • Experience in SIEM content development, which includes:
  • Hands-on experience in development and customization of Splunk Apps and Add-ons
  • Building advanced visualizations (interactive drilldowns, glass tables, etc.)
  • Building and integrating contextual data into notable events
  • Experience in creating use cases mapped to the Cyber Kill Chain and the MITRE ATT&CK framework
  • Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications.
  • Sound knowledge in configuration of Alerts and Reports.
  • Good exposure to automatic lookups, data models and writing complex SPL queries.
  • Create, modify and tune SIEM rules to adjust the specifications of alerts and incidents to meet client requirements
  • Experience in creating custom commands, custom alert action, adaptive response actions etc.

Qualification & experience:

  • Minimum of 3 years' experience in Splunk and 3 to 5 years of overall experience, with knowledge of operating systems and basic network technologies
  • Experience in a SOC as an L1/L2 analyst will be an added advantage
  • Strong oral, written and listening skills are an essential component of effective consulting.
  • Good to have knowledge of vulnerability management, Windows domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting
  • Certification in any other SIEM solution such as IBM QRadar, Exabeam or Securonix will be an added advantage
  • Certifications in a core security-related discipline (CEH, Security+, etc.) will be an added advantage.
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.