
EY GMS-Senior-Technology Specialist -Splunk SIEM- UEBA TechOps 
India, Karnataka, Bengaluru 
621678400

01.01.2025

KEY Capabilities:

  • Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
  • Minimum of Splunk Power User Certification
  • Good knowledge of programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, etc.
  • Perform the below Splunk UEBA activities:
    • Implement and manage Splunk UEBA solutions to monitor and analyze user and entity behavior
    • Develop and tune UEBA models and alerts to detect anomalies and potential security incidents
    • Create custom models and rules to detect specific behaviors of interest within the network
    • Collaborate with security analysts to refine detection capabilities and improve the overall security posture
    • Stay updated with the latest threats and trends in cybersecurity, focusing on user behavior analytics
  • Expertise in SIEM content development, including developing processes for automated security event monitoring and alerting along with corresponding event response plans for systems
    • Hands-on experience in development and customization of Splunk Apps & Add-ons
    • Build advanced visualizations (interactive drilldowns, glass tables, etc.)
    • Build and integrate contextual data into notable events
    • Experience in creating use cases mapped to the Cyber Kill Chain and the MITRE ATT&CK framework
    • Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that provide near real-time visibility into the performance of client applications
    • Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as the ES App, UEBA, ITSI, etc.
    • Sound knowledge of configuring alerts and reports
    • Good exposure to automatic lookups, data models and creating complex SPL queries
    • Create, modify and tune SIEM rules to adjust the specifications of alerts and incidents to meet client requirements
    • Work with the client SPOC on correlation rule tuning (as per the use case management life cycle) and on incident classification and prioritization recommendations
    • Experience in creating custom commands, custom alert actions, adaptive response actions, etc.

Qualification & experience:

  • Minimum of 3 to 7 years’ experience, with a depth of network architecture knowledge that will translate to deploying and integrating a complex security intelligence solution into global enterprise environments
  • Strong oral, written and listening skills are an essential component of effective consulting
  • Strong background in network administration. Ability to work at all layers of the OSI model, including being able to explain communication at any layer, is necessary
  • Must have knowledge of Vulnerability Management, Windows and Linux basics including installations, Windows domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting
  • Good to have: experience with the design and implementation of Splunk with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management
    • Multiple cluster deployment and management experience as per vendor guidelines and industry best practices
    • Troubleshoot Splunk platform and application issues, escalate issues and work with Splunk support to resolve them
  • Certification in any one of the SIEM solutions such as IBM QRadar, Exabeam or Securonix will be an added advantage
  • Certifications in a core security-related discipline will be an added advantage
EY exists to build a better working world, helping to create long-term value for clients, people and society and build trust in the capital markets.