For the SIEM landscape (Splunk Enterprise), a "Splunk Expert" is required.
Role description "Splunk Security Manager"
The Splunk expert is fully responsible for further developing and expanding the Splunk Enterprise environment in order to raise the client's security level.
The area of responsibility comprises three pillars: use case development, integration of further systems and connection of log sources, and architecture topics.
Use Case Development
A central topic is use case development, in which the Splunk expert contributes his own ideas and then independently carries out the implementation. The use cases are intended to monitor the heterogeneous system landscape and to alert on corresponding anomalies. These use cases should be designed as an application in such a way that the analysts in the CERT can work with them effectively.
Another aspect is the integration of further systems and the connection of log sources to the SIEM infrastructure.
Further security systems (e.g. security components) have to be connected to Splunk so that their events can be evaluated in Splunk. These events, in turn, can also serve as a data basis for the use cases.
In addition, other log sources are to be connected to the SIEM, for example WAF, Active Directory, DHCP, etc. From an operational point of view, monitoring of availability and data quality is necessary. CIM (Common Information Model) conformity of the connected log sources must be ensured.
Based on his expertise, the Splunk expert independently analyzes and evaluates which further systems and log sources should be integrated or connected in order to increase the client's security level.
The Splunk expert analyzes the architecture of the SIEM infrastructure. If it is necessary to increase the performance/security level of MAN, extensions or changes can be made. Connecting new log sources, for example, can raise the performance requirements on the SIEM infrastructure.
This field of activity as a Splunk expert requires extensive experience with Splunk Enterprise in heterogeneous infrastructures:
- At least 5 years as Senior Expert
- Several years of information security experience
- Experience should be based in the Splunk environments of large companies / corporations
- In-depth Linux knowledge
- Certification as Splunk Enterprise Architect and Splunk Enterprise Security Certified Admin
- High degree of independence
- Knowledge in the ITIL v3 area would be an advantage
- Excellent salary and an opportunity to grow within the company
- Induction programs
- Participation in all stages of the development process, from architecture design to development, using the SCRUM methodology
- Exchange of experience by working in different teams of professionals
- Recognition programs and rewards
- Free German language course
- Coverage of certification program expenses
- Company-sponsored events and team building
- Participation in our social interest groups: Extreme Sports, Geeks, Photography, etc.
- Access to a sports card
- Additional health insurance
- Nice and friendly atmosphere