Cynet Systems Looking for Splunk and Cribl Engineer – Remote / Telecommute at Cary, NC Full Time
We are looking for a Splunk and Cribl Engineer – Remote / Telecommute for our client in Cary, NC.
Job Title: Splunk and Cribl Engineer – Remote / Telecommute
Job Location: Cary, NC
Job Type: Contract
Job Description:
Responsibilities:
Resources should have extensive experience with data onboarding from different data sources such as network devices, IDS/IPS logs, threat intel, infrastructure logs (Windows, Linux), application logs, cloud-based applications, SaaS-based applications, database logs (SQL, Oracle, etc.), proxy/web server logs, LDAP/AD, DNS logs, etc.
Worked on log aggregation tools like syslog-ng, rsyslog, HAProxy, Nginx, etc.
Cloud ingestion – using Splunk forwarders, APIs, scripted inputs, HEC, and applications.
Experience with Splunk apps/add-ons and how they can be used to onboard data or for CIM compatibility.
Experience with advanced Splunk dashboard creation using JavaScript/CSS/HTML.
Comfortable writing advanced regular expressions or modifying/tuning existing regexes.
Cribl Stream fundamentals.
Configure Cribl Stream components.
Cribl Advanced Design topics.
Cribl Advanced Configurations.
Understanding Cribl Stream Security.
Stream Application – Internal Management (Cribl).
Solving common problems in Cribl.
Understanding of Splunk ES (SIEM) functionality, how data flows into Splunk ES, and how ES dashboards work.
Forwarder management.
Manipulating raw data.
Installing and managing applications.
Experience/understanding of Splunk knowledge objects (advanced lookups, macros, field extractions, advanced alerts, reports/dashboards, tags, data models, event types, etc.).
Experience with Splunk app/add-on creation (using Python/JavaScript).
Experience troubleshooting all components and their functionality.
Experience with summary indexes/data models/reports and their acceleration.
Experience troubleshooting dashboards/alerts/reports.
Experience with Splunk ES data mapping.
Experience with Splunk ES use case creation (correlation searches/notable events).
Experience setting up/configuring the Splunk ES app and its respective add-ons/applications.
Techniques and processes to tune/suppress/reduce false-positive alerts in Splunk ES.
Understanding of cyber security concepts and how to investigate cyber security events using Splunk ES dashboards.
Experience troubleshooting Splunk ES predefined dashboards.
Experience with the threat intel framework in Splunk ES.
Experience with data masking, data parsing, data trimming, and data filtration.
Experience identifying data issues such as timestamp issues, line-break issues, search-time field extraction, and index-time field extraction.
Should have an understanding of transforming, non-transforming, and reporting commands in Splunk.
Able to tune reports/dashboards/alerts for best performance.
Experience improving the performance of Splunk components (such as CM, DS, search head cluster, indexer cluster).
Able to create Splunk data retention policies.
Experience with Splunk upgrades (including Splunk agents and other components), how to secure Splunk, and Splunk authentication (LDAP/AD, two-factor).
Worked on Splunk Cloud.
Should have a fair understanding of all conf files in Splunk and their use/significance.
Should have worked with ticketing tools like ServiceNow/Remedy/Jira.
Should be able to work in a Linux/Unix environment, with experience in shell scripting.
Basic/advanced network troubleshooting concepts/commands in Linux/Unix environment.
Working experience with API creation for data onboarding and a fair understanding of the Splunk API.
Problem isolation and working with Splunk Cloud support.
Handle/resolve escalated issues from L2 resources and from customers related to Splunk.
Chair daily/weekly/monthly customer meetings.