Splunk Developer
Location: Nashville, TN
Responsible for the implementation, configuration and management of SIEM tools (Splunk), including log source integrations, custom parser builds, and fine tuning and optimizing the correlation rules and use cases. The activities include:

- Configure incident response and remediation workflows for ES (Enterprise Security)
- Develop and implement actionable alerts and workflows for Splunk
- Develop and implement apps and knowledge objects (KO) such as dashboards, reports and data models
- Assist and/or train team members and analysts on content development
- Develop and implement automation and efficiencies with Splunk
- Provide analyst training and workshops on using Splunk
- Review new content, alerts and data sources

Education and qualifications:

- BS in Computer Science or equivalent work experience, and a minimum of 3+ years of experience in SIEM tool configuration in a medium to large sized IT organization
- Programming: experience with any programming language; experience with Python, Perl, Ruby or similar is a plus
- Capable of hunting malicious activity across multiple security toolsets
- Preferred: experience with a database query language (e.g. MySQL, MSSQL, PostgreSQL)
- Understanding of tool ecosystems within EDR, EPP, IDS/IPS, automated malware analysis and NetFlow anomaly detection
- Demonstrated expert understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation, with an understanding of intrusion tactics and techniques
- Log parsing and analysis skill set
- Knowledge of the current threat landscape (threat actors, APT, cyber-crime, etc.) and basic knowledge of threat modeling and the kill chain
- Common security controls: firewalls, proxies, AV, IDS, IPS, etc.
- Advanced event analysis leveraging SIEM tools
- Self-motivated and comfortable working both independently and as part of a team
Regards,
ANKIT MENDIRATTA
Lead Recruiter
Net2Source Inc.
Global HQ Address: 7250 Dallas Pkwy, Suite 825, Plano, Texas 75024
Office: (201) 340-8700 x459 | Fax: (201) 221-8131 | Email: anki...@net2source.com