*Dear,*

*Hope you are doing well.*

*Please send resumes to prave...@hclglobal.com*



*ROLE:* Splunk SME

*LOCATION:* Manhattan, NY

*DURATION:* Long term

*RATE:* $60/hr on C2C

*CLIENT:* Direct

*INTERVIEW TYPE:* In-person

*State Experience Highly Preferred*

*U.S. Citizens and those authorized to work in the U.S. are encouraged to
apply*

*Note: For H-1B consultants, I need the consultant's I-797 or ID proof at submission.*

*Responsibilities*

1. The SME will work with the various functional teams to identify and coordinate data sources and configure them into Splunk with the appropriate use cases, as required by the NY State Cyber Security Policy standards and guidelines.

2. Where needed, the SME will add hardware components to the existing Splunk architecture, including (but not limited to) deployment servers, indexers, forwarders, and search heads.

3. The SME will deploy software updates, including Splunk apps, on all operating systems involved, including Linux and Microsoft Windows. Knowledge of third-party tools such as syslog-ng is also required.

4. The SME will provide knowledge transfer to the MTA IT Security project teams for all Splunk work.

5. The SME consultant will have experience with the Splunk platform, its search language (SPL) and GUI, and knowledge of other security and compliance tools and how they integrate with Splunk.

6. The SME will be required to create dashboards and alerts and to automate the integration of Splunk with various security controls.

7. Develop use cases for authentication tracking and account-compromise detection, including admin and user tracking.

8. Develop use cases for compromised- and infected-system tracking: malware detection using outbound firewall logs, NIPS alerts and web proxy logs, as well as internal connectivity logs, network flows, etc.

9. Validate intrusion detection system/intrusion prevention system (IDS/IPS) alerts using vulnerability data and other context data about the assets collected in Splunk.

10. Monitor for suspicious outbound connectivity and data transfers using firewall logs, web proxy logs and network flows; detect exfiltration and other suspicious external connectivity.

11. Track system changes and other administrative actions across internal systems and match them against allowed policy; detect violations of various internal policies, etc. [And, yes, even the classic "root access from an unknown IP in a foreign country at 3 AM, leading to system changes" sits here as well.]

12. Track web application attacks and their consequences using web server, WAF and application server logs; detect attempts to compromise and abuse web applications by combining logs from different components.

13. Integrate various security controls with Splunk to automate protection and/or block further threats.

14. Assist with threat investigations.

15. Document all Splunk-related implementations, use cases, processes and procedures.

16. Some level of experience and/or expertise with Splunk Enterprise Security.
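As an added illustration of what use cases 7 and 11 above amount to in practice (this is example code written for this page, not anything from the posting, the MTA or Splunk), the following Python approximates the correlation a Splunk SME would express in SPL: find successful root logins during off-hours from an IP geolocated outside the home country, then join them against an administrative-change audit log on the same host within a short window. All log lines, the IP-to-country table (a stand-in for Splunk's `iplocation` lookup), the internal prefixes, the off-hours range and the 30-minute window are constructed assumptions for the example.

```python
"""Use case 11: off-hours root login from an unexpected country, followed by a
system change on the same host. Added example, not code from the job posting;
it mirrors in plain Python what would be a correlation search in SPL."""
from dataclasses import dataclass
from datetime import datetime, timedelta
import re

# Constructed sample events (not real logs). Two sources on the same hosts:
# SSH authentication results and an audit log of administrative changes.
AUTH_LOGS = [
    "2024-03-02T03:12:41Z host=db01 user=root src=203.0.113.7 result=success",
    "2024-03-02T03:14:05Z host=db01 user=root src=203.0.113.7 result=success",
    "2024-03-02T14:05:10Z host=web02 user=alice src=192.0.2.25 result=success",
    "2024-03-02T03:30:00Z host=web02 user=root src=10.0.0.5 result=success",
    "2024-03-02T03:31:12Z host=app03 user=root src=198.51.100.9 result=failure",
]
CHANGE_LOGS = [
    "2024-03-02T03:20:02Z host=db01 user=root action=useradd target=svc_backup",
    "2024-03-02T03:35:40Z host=web02 user=root action=modify target=/etc/sudoers",
    "2024-03-02T15:00:00Z host=web02 user=alice action=restart target=nginx",
]

# Assumed stand-in for Splunk's iplocation lookup, keyed on the /24 prefix.
# Unknown prefixes map to "??", which is treated as "not home" on purpose:
# an unresolvable source should raise, not suppress, the alert.
IP_COUNTRY = {"203.0.113": "XX", "198.51.100": "YY", "192.0.2": "US"}
HOME_COUNTRY = "US"
INTERNAL_PREFIXES = ("10.", "192.168.")   # assumed RFC 1918 ranges in use
OFF_HOURS = range(0, 6)                   # 00:00-05:59 UTC is "3 AM" here
CHANGE_WINDOW = timedelta(minutes=30)     # assumed login-to-change window

KV = re.compile(r"(\w+)=(\S+)")


@dataclass
class Event:
    ts: datetime
    fields: dict


def parse(line: str) -> Event:
    """Split '<ISO timestamp> k=v k=v ...' into a timestamp and a field dict."""
    ts_str, _, rest = line.partition(" ")
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return Event(ts, dict(KV.findall(rest)))


def country_of(ip: str) -> str:
    """Internal addresses count as home; everything else goes via the lookup."""
    if ip.startswith(INTERNAL_PREFIXES):
        return HOME_COUNTRY
    return IP_COUNTRY.get(ip.rsplit(".", 1)[0], "??")


def suspicious_logins(auth_lines):
    """Successful root logins in off-hours from outside HOME_COUNTRY."""
    hits = []
    for ev in map(parse, auth_lines):
        f = ev.fields
        if f["user"] != "root" or f["result"] != "success":
            continue
        if ev.ts.hour not in OFF_HOURS:
            continue
        if country_of(f["src"]) == HOME_COUNTRY:
            continue
        hits.append(ev)
    return hits


def correlate(auth_lines, change_lines):
    """Return (host, login_src, change_action) for each suspicious login that
    is followed by a root change on the same host within CHANGE_WINDOW.
    Findings are de-duplicated so repeated logins before one change do not
    page the on-call engineer twice for the same event."""
    changes = [parse(line) for line in change_lines]
    findings = []
    for login in suspicious_logins(auth_lines):
        host = login.fields["host"]
        for ch in changes:
            same_host_root = ch.fields["host"] == host and ch.fields["user"] == "root"
            in_window = login.ts <= ch.ts <= login.ts + CHANGE_WINDOW
            if same_host_root and in_window:
                finding = (host, login.fields["src"], ch.fields["action"])
                if finding not in findings:
                    findings.append(finding)
    return findings


if __name__ == "__main__":
    for host, src, action in correlate(AUTH_LOGS, CHANGE_LOGS):
        print(f"ALERT host={host} root login from {src} ({country_of(src)}) "
              f"followed by {action} within {CHANGE_WINDOW}")
```

On the constructed data only `db01` fires: two foreign root logins at 03:12 and 03:14 are followed by a `useradd` at 03:20, reported once. The `/etc/sudoers` change on `web02` at 03:35 is not reported because the preceding root login came from an internal address, which is the kind of negative case worth checking when tuning the rule, and the failed login on `app03` never enters the correlation at all. In Splunk the same logic would typically be a search over the auth index piped through `iplocation`, filtered on `date_hour` and `Country`, and joined to the change index by host within the window.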

-- 
You received this message because you are subscribed to the Google Groups "SAP 
Workflow" group.
Visit this group at https://groups.google.com/group/sap-workflow.