Splunk Admin

Novel Overseas Corporation, Riyadh, Saudi Arabia

Splunk Experience: 4+ Years

Description:

  • Data Collection: Onboarding data to the Splunk platform using syslog, agent-based collection, APIs, DB Connect, and the HTTP Event Collector (HEC).
  • Forwarder Management: Managing and administering Splunk Universal Forwarders through the Splunk Deployment Server, including creating server classes and deployment apps.
  • Indexer Clustering: Managing and administering two-site (multisite) indexer clusters, deploying configuration bundles to cluster peers, and setting indexer storage capacity and data retention policies.
  • Search Head Clustering: Managing and administering search head clusters: adding and removing members, backing up, restoring and migrating the KV store, and pushing configuration bundles to search head cluster members.
  • Implementation: Installing, configuring, and upgrading Splunk Enterprise, Universal Forwarder software, and Enterprise Security; configuring the License Manager and license peers.
  • Normalization: Excellent knowledge of Splunk configuration files (props.conf, transforms.conf, eventtypes.conf, tags.conf, server.conf, etc.). Creating custom Technology Add-ons (TAs) to parse non-standard data sources.
  • Knowledge Objects: Good knowledge of Splunk knowledge objects (searches, reports, alerts, fields, lookups, macros, data models, etc.), including assigning permissions and scheduling.
  • Development: Developing new use cases, dashboards, and reports, creating custom apps and views, and running searches (index-based and data-model-based).
  • Cybersecurity Background: Good knowledge of the cybersecurity landscape, threats, vulnerabilities, and insider attacks. Good understanding of the MITRE ATT&CK framework and the Cyber Kill Chain.
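As an added illustration of the onboarding and normalization work listed above (it is not part of the original profile and not the candidate's own code), the following minimal Technology Add-on parses a hypothetical pipe-delimited firewall log into CIM-style fields. The add-on name TA-acme_fw, the sourcetype acme:fw, the log path, the index, the time zone and the sample line are all constructed for this example.

```ini
# Constructed sample event the add-on is written against (not a real vendor format):
#   2024-03-01 10:15:22|fw01|BLOCK|10.0.0.5|203.0.113.7|445|tcp

# TA-acme_fw/default/inputs.conf -- deployed to the Universal Forwarder via the
# deployment server. Path and index are assumptions for this example.
[monitor:///var/log/acme/fw.log]
sourcetype = acme:fw
index = network
disabled = false

# TA-acme_fw/default/props.conf -- the index-time settings (line breaking,
# timestamps) only take effect on the parsing tier (indexers or heavy forwarders),
# so this app must also be in the cluster manager's configuration bundle; the
# search-time settings (REPORT-, EVAL-) take effect on the search heads, where
# the deployer pushes the same app to the search head cluster members.
[acme:fw]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIME_FORMAT = %Y-%m-%d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 19
# The sample source logs local time with no UTC offset; pin the zone explicitly
# so events are not stamped with the indexer's clock. Zone is an assumption.
TZ = Asia/Riyadh
TRUNCATE = 10000
# Search-time: split the delimited fields, then normalize the vendor action value.
REPORT-acme_fw_fields = acme_fw_delim
EVAL-action = case(vendor_action=="BLOCK", "blocked", vendor_action=="ALLOW", "allowed", true(), "unknown")

# TA-acme_fw/default/transforms.conf -- positional fields named to match the CIM
# Network Traffic data model (dvc, src, dest, dest_port, transport).
[acme_fw_delim]
DELIMS = "|"
FIELDS = "timestamp","dvc","vendor_action","src","dest","dest_port","transport"

# TA-acme_fw/default/eventtypes.conf
[acme_fw_traffic]
search = sourcetype=acme:fw

# TA-acme_fw/default/tags.conf -- these tags are what make the events eligible
# for the Network_Traffic data model used by Enterprise Security.
[eventtype=acme_fw_traffic]
network = enabled
communicate = enabled
```

To check that the layered configuration resolves as intended on a given tier, run `splunk btool props list acme:fw --debug` on that host, which prints each effective setting together with the file it came from. On the search head, `sourcetype=acme:fw | table _time dvc action src dest dest_port transport` should show the normalized fields populated for the constructed sample line; if `action` is empty while `vendor_action` is set, the EVAL- stanza is not on the search tier.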