Expoint - all jobs in one place

The point where experts and best companies meet

Limitless High-tech career opportunities - Expoint

EY EY- GDS- Cybersecurity- NGSO Consultant- Senior 
Mexico, Mexico City 
829315798

01.12.2024

KEY Capabilities:

  • Experience in working with Splunk Enterprise, Splunk Enterprise Security & Splunk UEBA
  • Minimum of Splunk Power User Certification
  • Good knowledge in programming or Scripting languages such as Python (preferred), JavaScript (preferred), Bash, PowerShell, Bash, etc.
  • Perform remote and on-site gap assessment of the SIEM solution.
    • Define evaluation criteria & approach based on the Client requirement & scope factoring industry best practices & regulations
    • Conduct interview with stakeholders, review documents (SOPs, Architecture diagrams etc.)
    • Evaluate SIEM based on the defined criteria and prepare audit reports
    • Understand customer requirements and recommend best practices for SIEM solutions.
    • Offer consultative advice in security principles and best practices related to SIEM operations
    • Design and document a SIEM solution to meet the customer needs
  • Experience in onboarding data intoSplunkfrom various sources including unsupported (in-house built) by creating custom parsers
    • Verification of data of log sources in the SIEM, following the Common Information Model (CIM)
    • Experience in parsing and masking of data prior to ingestion in SIEM
    • Provide support for the data collection, processing, analysis and operational reporting systems including planning, installation, configuration, testing, troubleshooting and problem resolution
    • Assist clients to fully optimize the SIEM system capabilities as well as the audit and logging features of the event log sources
    • Assist client with technical guidance to configure end log sources (in-scope) to be integrated to the SIEM
    • Experience in handling big data integration via Splunk
  • Expertise in SIEM content development which includes developing process for automated security event monitoring and alerting along with corresponding event response plans for systems
    • Hands-on experience in development and customization of Splunk Apps & Add-Ons
    • Builds advanced visualizations (Interactive Drilldown, Glass tables etc.)
    • Build and integrate contextual data into notable events
    • Experience in creating use cases under Cyber kill chain and MITRE attack framework
    • Capability in developing advanced dashboards (with CSS, JavaScript, HTML, XML) and reports that can provide near real time visibility into the performance of client applications.
    • Experience in installation, configuration and usage of premium Splunk Apps and Add-ons such as ES App, UEBA, ITSI etc
    • Sound knowledge in configuration of Alerts and Reports.
    • Good exposure in automatic lookup, data models and creating complex SPL queries.
    • Create, modify and tune the SIEM rules to adjust the specifications of alerts and incidents to meet client requirement
    • Work with the client SPOC to for correlation rule tuning (as per use case management life cycle), incident classification and prioritization recommendations
    • Experience in creating custom commands, custom alert action, adaptive response actions etc.

Qualification & experience:

  • Minimum of 5 to 11 years’ experience with a depth of network architecture knowledge that will translate over to deploying and integrating a complicated security intelligence solution into global enterprise environments.
  • Strong oral, written and listening skills are an essential component to effective consulting.
  • Strong background in network administration. Ability to work at all layers of the OSI models, including being able to explain communication at any level is necessary.
  • Must have knowledge of Vulnerability Management, Windows and Linux basics including installations, Windows Domains, trusts, GPOs, server roles, Windows security policies, user administration, Linux security and troubleshooting.
  • Good to have below mentioned experience with designing and implementation of Splunk with a focus on IT Operations, Application Analytics, User Experience, Application Performance and Security Management
    • Multiple cluster deployments & management experience as per Vendor guidelines and industry best practices
    • Troubleshoot Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues
  • Certification in any one of the SIEM Solution such as IBM QRadar, Exabeam, Securonix will be an added advantage
  • Certifications in a core security related discipline will be an added advantage.