Security Enterprise Splunk job at Softtek, Ciudad de México - México

Security Enterprise Splunk

Splunk Enterprise Security (SPL, advanced queries, reporting)


Shared Qualifications:

· Experience in security monitoring, security operations, and incident response activities; preferably within a professional services firm or similar environment

· Experience defining security monitoring rules, monitoring events, assessing risk, responding to incidents and providing security oversight related to the security features of IT tools supported by the IT operations teams

· Knowledge of incident response

· Experience with IT process definition and / or improvement

· Ability to integrate security tools with IT infrastructure such as proxies, mail servers, Active Directory, workstations and mobile devices, etc.

· Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors

· Strong troubleshooting and organizational skills and ability to work on multiple activities simultaneously.

· Hands-on network and systems administration skills with Linux and Windows, including Active Directory competence

· CISSP preferred

· Splunk experience preferred

Monitoring Integration:

· Experience providing engineering support for on-premises and cloud security monitoring implementations, with familiarity with cloud computing concepts and top-tier cloud providers

· Experience in performing manual and/or automated security configuration reviews of network devices, servers, and workstations

· Experience in administration of security monitoring tools, such as firewalls, IDS/IPS, proxies, SIEM, etc.

· Working knowledge of networking technologies and tools.

· Functional knowledge in shell/bash scripting and/or Python

· Experience in identification and remediation of system, network, and application vulnerabilities; validating vulnerability scanning results and false positives; performing vulnerability assessments using Qualys or other vulnerability assessment tools.

· Experience in clustered Splunk Enterprise Security (ES) deployment with expertise in proper security design philosophy.

· Ability to manage Splunk ES knowledge objects such as apps, dashboards, saved searches, scheduled searches and alerts; responsible for working with stakeholders to optimize the Splunk ES deployment.

Cyber Incident Response (CSIRT):

· Understanding of network and system intrusion and detection methods and mitigation techniques.

· Experience with technologies such as Splunk, Next Generation Endpoint Protection Platforms (EPP), Security Information and Event Management (SIEM), and hacking tools, techniques and procedures.

· Experience with malware analysis or endpoint lateral movement detection methodologies or host forensic tools.

· Understanding of some of the following: network protocol analysis, public key infrastructure, SSL, Microsoft Windows and Active Directory, Linux.

· Scripting skills (Python, Shell/BASH) and use of open source Linux security tools.

· Experience with a threat monitoring program and related operational activities.

· Experience developing SIEM content/use cases with specific experience writing content rules

Information Incident Response Team (IIRT):

· Experience monitoring for information incidents, using tools such as DLP (e.g. Symantec DLP)