*Locals Only*
*Location:* NY - New York / New York City
*Duration:* 6+ Months

Splunk SME Requirement, Roles, and Responsibilities:

1. The SME will work with various functional teams to identify and coordinate data sources and configure them into Splunk with the appropriate use cases, as required by NY State Cyber Security Policy standards and guidelines.
2. Where needed, the SME will implement additional hardware components in the existing Splunk architecture, including (but not limited to) Deployment Servers, Indexers, Forwarders, and Search Heads.
3. The SME will deploy software updates, including Splunk Apps, on all operating systems, including Linux and Microsoft Windows. Knowledge of third-party tools such as Syslog-NG is also required.
4. The SME will provide knowledge transfer to the MTA IT Security project teams for all Splunk endeavors.
5. The SME consultant will have experience with the Splunk platform, search language, and GUI, and knowledge of other security and compliance tools and how they integrate with Splunk.
6. The SME will be required to create various dashboards and alerts and to automate integration of Splunk with various security controls.
7. Develop use cases for authentication tracking and account compromise detection; admin and user tracking.
8. Develop use cases for compromised- and infected-system tracking; malware detection using outbound firewall logs, NIPS alerts and Web proxy logs, as well as internal connectivity logs, network flows, etc.
9. Validate intrusion detection system/intrusion prevention system (IDS/IPS) alerts using vulnerability data and other context data about the assets collected in Splunk.
10. Monitor for suspicious outbound connectivity and data transfers using firewall logs, Web proxy logs and network flows; detect exfiltration and other suspicious external connectivity.
11. Track system changes and other administrative actions across internal systems and match them to allowed policy; detect violations of various internal policies, etc. [and, yes, even the classic "root access from an unknown IP in a foreign country at 3AM, leading to system changes" sits here as well]
12. Track Web application attacks and their consequences using Web server, WAF and application server logs; detect attempts to compromise and abuse web applications by combining logs from different components.
13. Integrate various security controls with Splunk to automate protection and/or block further threats.
14. Assist with threat investigation.
15. Document all Splunk-related implementation, use cases, processes and procedures.

Regards,
Upendra Nath (Deputy Resource Manager)
Ramy Infotech Inc
Phone: 408-317-9256 Ext-311

Please Note: Due to the high volume of calls, I may miss your call; email is the better way to reach me.

*Note: We are working with a prime vendor (one layer between) for this position.*