Splunk SME

Deep expertise in Splunk Enterprise and Enterprise Security, along with a strong background in AWS infrastructure, security services, and automation using Terraform. Ensuring the security and efficiency of enterprise systems while supporting compliance and observability initiatives.

Technical Requirements:

Splunk Skillset:

• Expertise in managing Splunk components and architecture.
• Experience with Splunk Add-Ons and Apps, including:
• Splunk Add-On for AWS
• Splunk Add-On for Windows
• Google Workspace for Splunk
• Administration of both Splunk Enterprise and Enterprise Security modules.
• Strong Linux/Unix administration skills for host OS management and patching.
• Experience with major version upgrades of Splunk and related systems.
• Splunk certifications preferred:
• Splunk Enterprise Security Certified Admin
• Splunk Certified Cybersecurity Defense Analyst

XSOAR Skillset:

• Experience configuring and customizing Palo Alto Cortex XSOAR, including:
• Incident Types, Fields, Classifications, and Mappings
• Playbook creation and modifications (e.g., Generic Polling)
• Threat Intelligence Management (TIM)
• Certification preferred:
• Palo Alto Certified Security Automation Engineer (PCSAE)

Cloud & Security Experience:

• 5+ years of experience in IT, with deep technical expertise in:
• AWS security and infrastructure (EC2, ELB, GuardDuty, Config, Inspector, Security Hub, RDS, Route53, S3, VPC, VPN, TGW, CloudWatch, CloudTrail, EventBridge, etc.)
• Enterprise security solutions: WAF, IPS, DDoS, SIEM
• Security automation using Terraform (Infrastructure as Code)
• Experience managing security products such as:
• Tenable Nessus
• Palo Alto Firewall
• Cortex XSOAR
• Knowledge of regulatory frameworks and standards (NIST, PCI, ISO 27001, HIPAA)
• Cloud Architecture Certification (AWS, Google Cloud Platform, or Azure) preferred
• Security certifications (ISO 27001, CISSP, CISM) are a plus
• Prior experience supporting FedRAMP-compliant projects is desirable