Splunk Engineer (USC Only)

Job Description

Job Summary:Job Title: Security Operations Senior Analyst / SOC L3 roleJob Description:We require an 8+ Years experienced SOC professional who will be responsible for working on escalated events, evidence collection, analyse, perform forensic investigation, find the root cause of the incident, provide trouble shooting steps.The primary function of this position is to work as a SPLUNK Expert who can perform alert management, high level investigation which includes but not limited to log analysis, forensic evidence collection, analysis, find the root cause and provide remediation steps.This role reports to the SOC Manager.Responsibilities:• Monitoring client security infrastructure, identifying and reporting real time attacks and vulnerabilities on the client network.• Identification of incidents and subsequent analysis and investigation to determine their severity and the response required.• Perform deep dive analysis for escalated incidents, forensic evidence collection• Help L1 and L2 team for triage incidents• High level investigation which includes but not limited to log analysis/forensic evidence collection and analysis• Collection of necessary logs that could help in the incident containment and security investigation and resolution• Triage complex threats and alerts.• Undertake first stages of false positive and false negative analysis• Fine tune policies for reducing false positives• Integrate new devices to Splunk• Run various queries to generate the required reports• Work on new use case integration• Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, Cisco appliances, AV and antimalware software, email security etc.• Understand the subject of Carbon Black alarms and perform deeper analysis• Should have ServiceNow and other ticketing tools experience• Should be able to fetch various Splunk and ServiceNow reports.• Should be able to have better coordination with Splunk vendor and other stake holders