Mohammed Wahed Ali Khan Mohammed, Splunk Admin

Organization: Versatile Solution (Versos), Project: SNB (Saudi National Bank)

Location
Saudi Arabia
Education
Bachelor's degree, Computer And Systems Engineering
Experience
17 years, 3 months

Professional experience

Total years of experience: 17 years, 3 months

Splunk Admin at Organization: Versatile Solution (Versos), Project: SNB (Saudi National Bank)
  • Saudi Arabia - Jeddah
  • I have been working here since September 2022

⮚ Installing updates and patches on the Splunk platform to ensure it is running smoothly
⮚ Monitoring system performance and capacity to ensure that it can handle the workload of the entire organization
⮚ Configuring new data inputs to allow the collection of new data types or formats
⮚ Creating and fine-tuning use cases escalated by the IR team
⮚ Creating alerts and notifications to notify stakeholders of unusual activity such as security breaches or system failures
⮚ Maintaining documentation of all configurations and changes to the system
⮚ Performing basic troubleshooting when issues occur with the system to identify the cause
⮚ Analyzing data in order to identify patterns, trends, or other useful information
⮚ Providing support to users who are having problems with the system or using it incorrectly
⮚ Auditing and reviewing security practices to prevent security incidents, such as data breaches, denial of service attacks, or malware infections

Sr SOC Analyst at Versatile Solution, Project: SNB (Saudi National Bank)
  • Saudi Arabia - Jeddah
  • September 2020 to September 2022

⮚ Experience in areas such as security operations using different SIEM tools (Splunk), incident analysis, log analysis, SIEM component integration, change implementation, and the ability to do root cause analysis.
⮚ Working knowledge of the concepts in cyber security and/or information security, including identification of common threats, vulnerabilities, and appropriate mitigation using Recorded Future threat intelligence
⮚ Reporting of cyber threats affecting networks, computer intrusion detection, analysis, and incident response
⮚ Good knowledge of Triage & Redline report analysis against isolated devices.
⮚ Sweeping hashes, URLs, and IPs against the environment to detect affected devices.
⮚ Strong skills in incident management and problem management in a SOC environment
⮚ Adept in authoring new use cases against the environment and new security practices
⮚ Cross-correlate (manual and automated) and analyze events using the SIEM tool to detect security incidents; willingness to learn new security technologies and products
⮚ Ability to perform investigations and provide recommendations on the detected security incidents.
⮚ Strong skills in different threat areas and common attacks
⮚ Skill in performing packet-level analysis.
⮚ Understanding how operating systems work and how exploitation works for different operating systems and applications.
⮚ Understanding network traffic and being able to analyze network traffic introduced by the malware.
⮚ Key concepts in security management (e.g., Release Management, Patch Management).
⮚ Experience conducting vulnerability scans and recognizing vulnerabilities in security systems.
⮚ Packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).
⮚ Manage and support the log collection, security scanning, intrusion detection, content filtering, and other security-related systems
⮚ Strong knowledge of the payment card transaction chain and how it can be targeted at different points by cyber criminals
⮚ Lead and execute information security assessments
⮚ Automate frequently executed controls with the aim to drive efficiency and increase coverage in assessments
⮚ Monitor and report on the progress of ongoing projects
⮚ Engage with the clients to understand the requirements, provide regular updates on project status, answer queries and present the reports and findings
⮚ Knowledge of malicious tools used by cyber adversaries to target the financial sector including but not limited to banking Trojans, POS malware, ATM malware, mobile malware, web injects, form-grabbers, and hacking tools
⮚ Experience in using open and closed sources to conduct research and investigations into a range of threat information to extract new, actionable intelligence
⮚ Provide installation, maintenance, upgrades, and troubleshooting of security applications and appliances across all functional departments
⮚ May perform other duties as assigned including work in other areas to cover absences or relief to equalize peak work periods or otherwise balance workload.

Sr SOC Analyst at General Commission for Survey
  • Saudi Arabia - Riyadh
  • February 2019 to September 2020

⮚ Experience in the areas such as Security Operations using LogRhythm SIEM tools
⮚ Partnering with peer cyber operations teams, and supporting intelligence functions to analyze cyber security events
⮚ Strong skills in incident management and problem management in a SOC environment
⮚ Adept in authoring new use cases against the environment and new security practices
⮚ Ability to perform investigation and provide recommendations on the detected security incidents
⮚ Manage and support the log collection, security scanning, intrusion detection, content filtering, and other security-related systems

SOC Analyst at Organization: Wipro Arabia, Project: PNU (Princess Noura University)
  • Saudi Arabia - Riyadh
  • October 2014 to February 2019

⮚ Experience in the area of the information security domain
⮚ Monitor multiple security technologies such as Windows, Web security, IDS/IPS, Syslog, file integrity, user activity, vulnerability scanners, firewalls
⮚ Cross-correlate (manual and automated) and analyze events using the SIEM tool to detect security incidents; willingness to learn new security technologies and products
⮚ Strong skills in incident management and problem management in a SOC environment
⮚ Ability to author/follow detailed operational processes and procedures to analyze, escalate and assist in remediation of critical information security incidents
⮚ Adept in authoring new use cases against the environment and new security practices
⮚ Good communication skills, interpersonal skills, and ability to work independently; creating and maintaining VPN accounts for the operations team.

Network & Security Engineer at Organization: Wipro Arabia Ltd, Project: Saudi Aramco Total Refining and Petrochemical Co. (SATORP)
  • Saudi Arabia - AlJubail
  • March 2012 to September 2014

⮚ Maintain and troubleshoot the LAN & WAN Network related issues.
⮚ Upgrade Cisco Routers, Switches IOS using TFTP Server.
⮚ Configuring and implementing 2950, 3750 & 6509 series switches.
⮚ Maintaining the backups of Running, startup configuration, and IOS backup.
⮚ Creating User names and passwords for the users in the Secure ACS Server.
⮚ Configuration, verification, and approval of new network devices during the implementation project.
⮚ Coordination with Cisco for replacement of faulty equipment (RMA).
⮚ Worked on different monitoring tools like WCS and Cisco Works LMS.
⮚ Configuring the VLANs like DATA, IPT, AV, Wireless, and IPTV on the 3750 switches.
⮚ Visiting the sites to solve problems whenever the network goes down.
⮚ Configuring Layer-2 and Layer-3 port channels between the devices.
⮚ Add the network devices into the LMS tool to view the entire network.

OT Security Analyst at Saudi ARAMCO (Thales)
  • Saudi Arabia - Dammam
  • March 2010 to March 2012

⮚ Monitor computer networks for security issues.
⮚ Investigate triaged events and incidents using SIEM technologies, Endpoint Detection and Response platforms, and various cyber security tools.
⮚ Analyze, escalate, and assist in the remediation of critical OT security incidents.
⮚ Support the Incident Response Plan through Tier one support of activities following the PICERL model: Preparation, Identification, Containment, Eradication, Recovery & Lessons Learned.
⮚ Assist in enforcing and auditing OT security policies and procedures such as access, breach escalation, use of firewalls, and encryption routines.
⮚ Assist in updating, maintaining, and documenting security controls. Provide direction and support to clients and internal IT and OT groups for information security-related issues.
⮚ Assist in performing high-level analysis of complex and disparate computing systems, networks, and data architectures to identify, rectify, and prevent technical and OT security vulnerabilities.
⮚ Demonstrate high-level technical skills in the areas of OT security, networking, and computer systems, and excellent capacity for grasping relevant details and complex systems analysis.
⮚ Perform other related duties as assigned by the supervisor.
⮚ Investigate security breaches and other cyber security incidents.
⮚ Work with the security team to perform tests and uncover network vulnerabilities.
⮚ Fix detected vulnerabilities to maintain a high-security standard.
⮚ Observing IT and OT security trends and news.
⮚ Develop company-wide best practices for OT security.
⮚ Help colleagues install security software and understand information security management.
⮚ Research security enhancements and make recommendations to management.
⮚ Stay up-to-date on OT cyber security trends and security standards.
⮚ Manage security alerts and monitor the health of security sensors and endpoints
⮚ Maintain and support OT sensors and collect data and context necessary to initiate work.

IT Network Administrator at HCL Infosystems
  • India - Hyderabad
  • March 2007 to March 2010

⮚ Design and implement security policies using Access Control Lists.
⮚ Redistributing Routing Protocols.
⮚ Install, configure, and maintain network services, equipment, and devices.
⮚ Perform all kinds of Troubleshooting of LAN, WAN, Workstations, and IP phones.
⮚ Create and maintain comprehensive documentation for all implemented networks.
⮚ Installation & configuration of MS Windows XP/Vista/7 & Windows 2003/2008 on workstations
⮚ Troubleshooting and resolving network, Operating system & Hardware Problems
⮚ Configuring port/link aggregation with negotiation protocols like PAgP and LACP.
⮚ Participate in developing networking and design documentation.

Education

Bachelor's degree, Computer And Systems Engineering
  • at Bharathiar University
  • September 2009
Bachelor's degree, Computer Science
  • at JNTU
  • August 2007

Specialties & Skills

Technical Support
Science
Printers
Installation
MS OFFICE

Languages

English
Expert
Arabic
Intermediate