- Should be Splunk Admin certified and hold the Splunk Enterprise Architect certification.
- Performed hands-on architecture, design, and development of systems; developed Splunk infrastructure and related solutions.
- Standardize and implement Splunk Universal Forwarder deployment, configuration and maintenance on Linux and Windows platforms
- Maintain, manage and monitor Splunk infrastructure (identify bad searches and dashboards, and check the health of Splunk)
- Used User Behavior Analytics (UBA) to parse data into Splunk and detect anomalies in true positive events
- Used SNMP (Simple Network Management Protocol) to monitor the application on the server
- Using Splunk Enterprise to perform data mining and analysis, utilizing various queries and reporting methods
- Analyzing and monitoring security-related technologies including host-based firewalls, host-based IDS, LDP server configuration controls, logging, SIEM, monitoring tools, and antivirus systems.
- Actively hunt for and dissect previously unidentified threats and differentiate between potential intrusion attempts and false alarms
- Monitor and detect security use cases in Splunk, e.g. SQL injection, sqlmap, Burp Suite Intruder
- Used the Splunk Phantom Security Orchestration, Automation, and Response (SOAR) system to evaluate notable events for correlation alerts
- Develop alerts and timed reports; develop and manage Splunk applications
- Worked with Splunk knowledge objects, e.g. configuration, uploading data, field extraction, validation of onboarded data, regex search, event parsing, and data transformation
- Used the Splunk GUI to develop Splunk apps, searches, data models, dashboards, and reports using the Splunk query language (SPL).
- Perform index administration, maintenance and optimization and
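The web-attack use cases named in the list above (SQL injection payloads, sqlmap traffic, Burp Suite Intruder-style parameter fuzzing) are what a Splunk correlation search would look for in web access logs. The block below is an added example, not code from the original page or from any employer it describes: it runs that detection logic in plain Python over a handful of constructed Apache combined-format log lines. The SQLi pattern list, the `sqlmap` user-agent check and the burst thresholds (10 requests with 8 distinct query strings to one path from one source within 60 seconds) are assumptions chosen for illustration, not a vendor rule set. In SPL the equivalent is a `urldecode()` of the query string followed by `rex`/`match` for the payload patterns, and `bin _time span=1m | stats count dc(query) by src_ip, uri_path` for the fuzzing burst.

```python
"""Detection logic for SQLi payloads, sqlmap traffic and Intruder-style fuzzing,
run over constructed Apache combined-format access log lines.
Added example; patterns and thresholds below are illustrative assumptions."""
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import unquote_plus, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Assumed SQLi indicators, matched against the URL-decoded, lowercased query string.
SQLI_PATTERNS = [
    (re.compile(r"union\s+(all\s+)?select"), "UNION SELECT"),
    (re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+"), "tautology (' OR 1=1)"),
    (re.compile(r"(--|/\*)\s*$"), "trailing SQL comment"),
    (re.compile(r"\b(sleep|pg_sleep|benchmark)\s*\("), "time-based probe"),
    (re.compile(r"\binformation_schema\b"), "schema enumeration"),
]
SCANNER_UA = ("sqlmap",)   # assumed: sqlmap's default user agent announces itself
BURST_WINDOW_S = 60        # assumed fuzzing thresholds (Burp Intruder sets no
BURST_MIN_REQUESTS = 10    # distinctive UA, so it is caught by rate + variety)
BURST_MIN_DISTINCT = 8


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["time"] = datetime.strptime(ev["ts"], "%d/%b/%Y:%H:%M:%S %z")
    parts = urlsplit(ev["url"])
    ev["path"] = parts.path
    ev["query"] = unquote_plus(parts.query)   # decode before matching, as sqlmap encodes
    ev["status"] = int(ev["status"])
    return ev


def sqli_reasons(ev):
    """Labels of every SQLi pattern that matches the decoded query string."""
    q = ev["query"].lower()
    return [label for rx, label in SQLI_PATTERNS if rx.search(q)]


def detect(lines):
    """Return (ip, use_case, detail) findings for the given log lines."""
    findings = []
    by_ip_path = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for reason in sqli_reasons(ev):
            findings.append((ev["ip"], "sqli", f"{reason}: {ev['query']}"))
        if any(tag in ev["ua"].lower() for tag in SCANNER_UA):
            findings.append((ev["ip"], "scanner_ua", ev["ua"]))
        by_ip_path[(ev["ip"], ev["path"])].append((ev["time"], ev["query"]))
    # Sliding 60 s window per (source, path): many requests with many distinct
    # query strings looks like Intruder/sqlmap parameter fuzzing.
    for (ip, path), reqs in by_ip_path.items():
        reqs.sort()
        lo = 0
        for hi in range(len(reqs)):
            while (reqs[hi][0] - reqs[lo][0]).total_seconds() > BURST_WINDOW_S:
                lo += 1
            window = reqs[lo:hi + 1]
            if (len(window) >= BURST_MIN_REQUESTS
                    and len({q for _, q in window}) >= BURST_MIN_DISTINCT):
                findings.append((ip, "param_fuzzing",
                                 f"{len(window)} requests to {path} in {BURST_WINDOW_S}s"))
                break
    return findings


def summarize(lines):
    """Unique (ip, use_case) pairs, the shape an alert would key on."""
    return sorted({(ip, case) for ip, case, _ in detect(lines)})


# Constructed sample log: one benign login, two SQLi probes (the second from
# sqlmap), and a 12-request credential-guessing burst from a third host.
_UA = "Mozilla/5.0 (X11; Linux x86_64)"

def _line(ip, sec, url, status, ua=_UA):
    return (f'{ip} - - [12/Mar/2024:10:00:{sec:02d} +0000] "GET {url} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')

SAMPLE_LOG = [
    _line("10.0.0.5", 1, "/login?user=alice", 200),
    _line("10.0.0.9", 2, "/item?id=1%27%20OR%201%3D1--", 200),
    _line("10.0.0.9", 3, "/item?id=1%20UNION%20SELECT%20null%2Cversion%28%29--", 500,
          "sqlmap/1.7.2#stable (https://sqlmap.org)"),
] + [_line("10.0.0.7", 10 + i, f"/login?user=admin&pass=word{i}", 401) for i in range(12)]

if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The decode-before-match step matters: `%27%20OR%201%3D1` never matches a quote-OR pattern in its encoded form, which is exactly how encoded payloads slip past naive string searches in a SIEM.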