Splunk Principal Analyst #456
Pinpoint Resource Group
Raleigh, North Carolina, United States
Job type: fulltime
Job industry: I.T. & Communications
MUST HAVE - Skills / Prior Experience:
Splunk Certified Administrator certification (minimum required); experience working with Splunk Enterprise, Splunk Enterprise Security (ES), Securonix, and other security solutions in client environments.
PLUS/NICE TO HAVE - Skills/Prior Experience:
Certified Splunk Enterprise Security Administrator preferred
Responsibilities:
1. Coordinate efforts related to ingesting application logs from line-of-business application owners, covering everything from initial contact through validation of ingestion and use-case development.
2. Work with systems engineers to facilitate data migration during predetermined change windows and document changes via ServiceNow.
3. Work with application owners to understand and document their current logging posture.
4. Work with application owners to develop CIM-compliant (Common Information Model) logging where it does not currently exist.
5. Work with application owners to create network dependency maps.
6. Work with application owners to ensure application logging is commensurate with corporate minimum security baseline (MSB) policies.
7. Work with application owners to determine log type and anticipated log volume; document and relay this information to systems engineers to ensure adequate capacity.
8. Work with application owners and Splunk administrators to prepare for, implement, and validate log migrations from legacy systems to Splunk.
9. Work with application owners to develop potential use cases for the data ingested.
10. Work with application owners and the Cyber Threat Operations Center (CTOC) to develop alerting requirements for anomalous activity.