Splunk Expert

Description:

We are looking for a Splunk Expert for the Lahore office (Onsite role).

𝐉𝐨𝐛 𝐋𝐨𝐜𝐚𝐭𝐢𝐨𝐧 (𝐎𝐧𝐬𝐢𝐭𝐞): NETSOL Avenue، Main Ghazi Rd, Lahore

𝐄𝐱𝐩𝐞𝐫𝐢𝐞𝐧𝐜𝐞: 5+ years of experience in relevant fields (Splunk, SOC, and MSSP Services, etc.)

· Good knowledge of SIEM, and SIEM Architecture

· Deployment of Splunk (SIEM & SOAR) solutions

· Troubleshoot issues regarding SIEM and other SOC tools

· Data archive and backup as per compliance requirements

· Raising change management tickets for SOC Administration activities like Patch upgrades for SIEM, onboarding log sources, etc.

· Helping L2 and L1 with required knowledge base

· Coordination with L2 and SOC Monitoring team for troubleshooting issues and highlighting them for further resolution and escalation

· Troubleshooting at the device and connector/agent end to fix the anomaly reported by other teams and observed on a day-to-day basis

· Document incidents, and advisories and review if SLA has been met for Incident alerting and Incident closure

· Update and maintain SOC knowledge base for new security incidents and docs

· Creation of daily status report sheet and submission to SOC manager for review

· Review advisories and make necessary detection measures

· Provide analysis and trending of security log data from a large number of security devices

· Troubleshoot non-reporting devices fixing and maintaining device status

· Build a Parser for the QRadar using regex or other techniques

· Support and enhance event parsing, log collection, storage, automation and monitoring

· Ability to onboard cloud assets in Splunk

· Experience with SOAR workflow configurations and troubleshooting

Required skills and qualifications:

• B.S. in Computer Science or Information Systems
• Minimum 5+ years of experience
• Splunk certified
• Excellent verbal and written communication skills
• Good interpersonal skills