Job type
Full-time employee
Splunk Enterprise Security (SPL, advanced queries, reporting)
· Experience in security monitoring, security operations, and incident response activities; preferably within a professional services firm or similar environment
· Experience defining security monitoring rules, monitoring events, assessing risk, responding to incidents and providing security oversight related to the security features of IT tools supported by the IT operations teams
· Knowledge of incident response
· Experience with IT process definition and/or improvement
· Ability to integrate security tools with IT infrastructure such as proxies, mail servers, Active Directory, workstations and mobile devices, etc.
· Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors
· Strong troubleshooting and organizational skills and ability to work on multiple activities simultaneously.
· Hands-on network and systems administration skills with Linux and Windows, including Active Directory competence
· CISSP preferred
· Splunk experience preferred
· Experience providing engineering support for on-premises and cloud security monitoring implementations, with familiarity with cloud computing concepts and top-tier cloud providers
· Experience in performing manual and/or automated security configuration reviews of network devices, servers, and workstations
· Experience in administration of security monitoring tools, such as firewalls, IDS/IPS, proxies, SIEM, etc.
· Working knowledge of networking technologies and tools.
· Functional knowledge in shell/bash scripting and/or Python
· Experience in identification and remediation of system, network, and application vulnerabilities; validating vulnerability scanning results and false positives; performing vulnerability assessments using Qualys or other vulnerability assessment tools.
· Experience in clustered Splunk Enterprise Security (ES) deployment with expertise of proper security design philosophy.
· Ability to manage Splunk ES knowledge objects such as apps, dashboards, saved searches, scheduled searches and alerts; responsible for working with stakeholders to optimize the Splunk ES deployment.
Cyber Incident Response (CSIRT):
· Understanding of network and system intrusion and detection methods and mitigation techniques.
· Experience with technologies such as Splunk, Next Generation Endpoint Protection Platforms (EPP), Security Information and Event Management (SIEM), and hacking tools, techniques and procedures.
· Experience with malware analysis or endpoint lateral movement detection methodologies or host forensic tools.
· Understanding of some of the following: network protocol analysis, public key infrastructure, SSL, Microsoft Windows and Active Directory, Linux,
· Scripting skills (Python, Shell/BASH) and use of open source Linux security tools.
· Experience with a threat monitoring program and related operational activities.
· Experience developing SIEM content/use cases with specific experience writing content rules
Information Incident Response Team (IIRT)
· Experience monitoring for information incidents, using tools such as DLP (e.g. Symantec DLP)