Role description:
* Create HLD/LLD and solution documents for Splunk deployment across enterprise.
* Lead the deployment and management of Splunk Cloud solutions, ensuring seamless integration with existing systems.
* Configure and integrate Splunk Cloud with existing systems and data sources.
* Perform testing and validation of the cloud deployment.
* Identify and prioritize data sources for onboarding into Splunk.
* Develop and implement data ingestion strategies.
* Ensure data quality, normalization, and enrichment.
* Perform routine administration tasks such as user management, index management, and system monitoring.
* Optimize Splunk performance through tuning and configuration adjustments.
* Manage Splunk licenses and upgrade processes.
* Develop and maintain troubleshooting guides and knowledge base articles.
* Collaborate with vendors for support and issue resolution.
* Maintain detailed documentation of Splunk configurations, processes, and procedures.
Key responsibilities:
* Experience in developing comprehensive Splunk architecture tailored to the organization's security requirements, compliance standards, and infrastructure.
* Good insight into designing data collection strategies, including log sources, event types, and data normalization techniques, to ensure maximum coverage and accuracy.
* Implementation knowledge of correlation rules, use cases, and threat intelligence feeds to enhance detection capabilities and reduce false positives.
* Knowledge of integration with other security tools and platforms for seamless information sharing and incident response.
* Hands-on knowledge of deployment and configuration of SIEM components, including collectors, aggregators, correlation engines, and user interfaces, based on architectural designs.
* Develop and maintain SIEM integrations, ensuring comprehensive security monitoring and threat detection capabilities.
* Manage the ingestion of diverse data sources into Splunk, ensuring data quality and consistency.
* Ensure Splunk deployments adhere to security best practices and compliance requirements.
* Identify and resolve issues related to Splunk performance, data integrity, and security.
* Work closely with cross-functional teams, including IT, security, and operations, to align Splunk solutions with business objectives.
* Maintain comprehensive documentation of Splunk configurations, processes, and procedures.
Key skills/knowledge/experience:
* Design and implement scalable Splunk architectures to meet the needs of our enterprise environment.