Hi,

Please look up the position below and, if you feel comfortable, then please
send me your updated resume.

Position: Splunk System Engineer

Location: NYC, NY

Duration: 9-12 Months

Interview: Phone then Face to Face

Job Requirement

- The SME will work with Client's IT Staff members to operationalize and
  optimize the uses of Splunk, transfer knowledge, and integrate Splunk with
  all Client's IT Security Tools including but not limited to RSA, EPO, and
  Palo Alto across all Client's IT Environments, especially PeopleSoft, PCI,
  etc.


Job Responsibilities

   - The SME will work with various functional teams in identifying and
   coordinating various data sources and configuring them into Splunk with
   appropriate use cases as required by NY State Cyber Security Policy
   standards and guidelines.
   - Where needed, the SME will implement additional hardware components to
   the existing Splunk Architecture including (but not limited to) Deployment
   Servers, Indexers, Forwarders, and Search Heads.
   - The SME will deploy software updates, including Splunk Apps, on all
   operating systems including Linux and Microsoft Windows. Knowledge of
   third-party tools such as Syslog-NG is also required.
   - This SME will provide knowledge transfer to the Client's IT Security
   project teams for all Splunk endeavors.
   - The SME consultant will have experience in Splunk platform, search
   language, GUI interface, and a knowledge of other Security and Compliance
   tools and how they integrate with Splunk.
   - The SME will be required to create various dashboards and alerts and
   automate integration of Splunk with various security controls.
   - Develop use cases for authentication tracking and account compromise
   detection; admin and user tracking.
   - Develop use cases for compromised- and infected-system tracking; malware
   detection by using outbound firewall logs, NIPS alerts and Web proxy logs,
   as well as internal connectivity logs, network flows, etc.
   - Validating intrusion detection system/intrusion prevention system
   (IDS/IPS) alerts by using vulnerability data and other context data about
   the assets collected in Splunk.
   - Monitoring for suspicious outbound connectivity and data transfers by
   using firewall logs, Web proxy logs and network flows; detecting
   exfiltration and other suspicious external connectivity.
   - Tracking system changes and other administrative actions across
   internal systems and matching them to allowed policy; detecting violations
   of various internal policies, etc. [and, yes, even the classic “root access
   from an unknown IP in a foreign country at 3AM, leading to system changes”
   sits here as well]
   - Tracking of Web application attacks and their consequences by using
   Web server, WAF and application server logs; detecting attempts to
   compromise and abuse web applications by combining logs from different
   components.
   - Integrate various security controls with Splunk to automate protection
   and/or block further threats.
   - Assist with threat investigation.
   - Document all Splunk-related implementations, use cases, processes and
   procedures.

Regards,

Sandeep Chauhan

Technical Recruiter

VSG Business Solutions

221, Cornwell Dr, Bear, DE 19701

Contact No.: 302-261-3207 X 103

Email: sandee...@vsgbusinesssolutions.com

-- 
You received this message because you are subscribed to the Google Groups 
"Citrix and Sap problems" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to citrix-and-sap-problems+unsubscr...@googlegroups.com.
To post to this group, send email to citrix-and-sap-problems@googlegroups.com.
Visit this group at https://groups.google.com/group/citrix-and-sap-problems.
For more options, visit https://groups.google.com/d/optout.

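The detection use cases in the responsibilities list above, and in particular the "root access from an unknown IP in a foreign country at 3AM, leading to system changes" scenario, describe a correlation rule. The Python script below is an added example, not part of the posting and not VSG or Splunk code: it runs that rule over a few constructed sshd- and audit-style log lines, flags logins that combine at least two risk factors (root account, source address outside an assumed admin network, off-hours time), and raises the severity when a configuration change by the same user, host and source follows within an assumed 30-minute window. The log formats, the admin network range, the business-hours window and the correlation window are all assumptions; a GeoIP enrichment for the "foreign country" test is mentioned but not implemented.

```python
import re
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed sample events (not real logs); timestamps are UTC.
SAMPLE_LOG = """\
2024-03-10T02:55:12Z host1 sshd[1201]: Accepted publickey for root from 10.20.30.40 port 51022 ssh2
2024-03-10T03:02:41Z host1 sshd[1333]: Accepted password for root from 203.0.113.77 port 40118 ssh2
2024-03-10T03:04:05Z host1 audit: user=root action=modify path=/etc/ssh/sshd_config src=203.0.113.77
2024-03-10T10:15:00Z host2 sshd[2001]: Accepted publickey for alice from 10.20.30.41 port 50000 ssh2
2024-03-10T10:16:00Z host2 audit: user=alice action=modify path=/etc/hosts src=10.20.30.41
2024-03-10T23:30:00Z host3 sshd[3001]: Accepted password for root from 198.51.100.9 port 40222 ssh2
"""

# Assumed policy inputs (placeholders): networks admins normally connect from,
# the business-hours window, and how long after a login a change still counts.
KNOWN_ADMIN_NETS = [ip_network("10.20.30.0/24")]
BUSINESS_HOURS = (time(7, 0), time(19, 0))
CHANGE_WINDOW_SECONDS = 30 * 60

# Assumed log formats: an sshd "Accepted" line and an audit-style change line.
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)"
)
CHANGE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) audit: user=(?P<user>\S+) action=(?P<action>\S+) "
    r"path=(?P<path>\S+) src=(?P<src>\S+)"
)


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def parse_events(text):
    """Split raw lines into login events and change events."""
    logins, changes = [], []
    for line in text.splitlines():
        m = LOGIN_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = parse_ts(ev["ts"])
            logins.append(ev)
            continue
        m = CHANGE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["ts"] = parse_ts(ev["ts"])
            changes.append(ev)
    return logins, changes


def is_known_source(src):
    # A GeoIP lookup ("foreign country") would be a further enrichment here.
    addr = ip_address(src)
    return any(addr in net for net in KNOWN_ADMIN_NETS)


def is_off_hours(ts):
    start, end = BUSINESS_HOURS
    return not (start <= ts.time() < end)


def detect(text):
    """Return findings for logins with >= 2 risk factors; 'high' if a change follows."""
    logins, changes = parse_events(text)
    findings = []
    for lg in logins:
        reasons = []
        if lg["user"] == "root":
            reasons.append("root login")
        if not is_known_source(lg["src"]):
            reasons.append("unknown source")
        if is_off_hours(lg["ts"]):
            reasons.append("off-hours")
        if len(reasons) < 2:
            continue
        # Correlate later changes from the same host, user and source address.
        followed = [
            c["path"] for c in changes
            if c["host"] == lg["host"] and c["user"] == lg["user"] and c["src"] == lg["src"]
            and 0 <= (c["ts"] - lg["ts"]).total_seconds() <= CHANGE_WINDOW_SECONDS
        ]
        findings.append({
            "ts": lg["ts"].isoformat(),
            "host": lg["host"],
            "user": lg["user"],
            "src": lg["src"],
            "reasons": reasons,
            "changes": followed,
            "severity": "high" if followed else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f["severity"].upper(), f["ts"], f["host"], f["user"], f["src"],
              ", ".join(f["reasons"]), f["changes"])
```

The same three factors map directly onto Splunk search fields (user, src, hour of the event) with a subsearch or transaction over the audit source for the follow-on change; the point of the script is that the rule itself is a small join on host, user, source and time, and everything else is policy input.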