Splunk Engineer with Cisco Experience (Independent candidates)

Pull Skill Technologies
New York, NY Full Time
POSTED ON 1/14/2025 CLOSED ON 1/22/2025

What are the responsibilities and job description for the Splunk Engineer with Cisco Experience (Independent candidates) position at Pull Skill Technologies?

Job Details

Role: Splunk CISCO Engineer

Client Location: NYC, NY

Duration: C2H

The following are the qualifications of a Splunk Engineer:

  1. Splunk Expertise:
  • Splunk Search Processing Language (SPL): Proficiency in using SPL for creating custom queries, reports, dashboards, and alerts.
  • Data Ingestion & Indexing: Knowledge of how to configure Splunk to receive data from Cisco devices, including Syslog and SNMP traps.
  • App and Add-on Configuration: Experience in installing and configuring the Splunk Cisco App or Cisco Technology Add-ons (TA) for Cisco device integration.
  • Splunk Forwarders: Experience with setting up Universal Forwarders or Heavy Forwarders to collect log data from Cisco devices and other network appliances.
  • Security Monitoring: Using Splunk to identify and respond to security threats in Cisco devices
  • Splunk ITSI and ES: Experience with Splunk ITSI and ES preferred

  2. Cisco Systems Expertise:
  • Cisco Devices: Knowledge of different Cisco devices, such as routers, switches, firewalls and their log outputs.
  • Syslog Configuration: Ability to configure Cisco devices to send logs via Syslog to a Splunk server. Understanding Cisco's logging levels (e.g., Debug, Info, Warning, Critical) is crucial.
  • SNMP Traps: Experience with configuring and managing SNMP traps on Cisco devices for monitoring network health and performance. Familiarity with SNMP v1, v2c, or v3.
  • Syslog Parsing: Ability to handle Cisco-specific syslog formats, such as those from IOS, NX-OS, ASA, and FTD devices.
  • Network Management Protocols: Familiarity with common Cisco network management protocols like SNMP, NetFlow, and IPFIX for traffic analysis and reporting.

  3. Network Monitoring and Troubleshooting:
  • Event and Incident Management: Experience in configuring alerts and triggers within Splunk based on Cisco Syslog events and SNMP traps.
  • Real-Time Monitoring: Setting up real-time dashboards for monitoring device health, performance, and security events.
  • Troubleshooting Network Issues: Analyzing log data for network issues, security incidents, or performance degradation, leveraging Splunk's analytical capabilities.

  4. Automation and Scripting:
  • Splunk Automation: Use of Splunk's REST APIs, Python scripts, or Splunk apps to automate log collection, parsing, and alerting from Cisco devices.
  • Log Parsing and Normalization: Experience in creating custom props.conf and transforms.conf files for proper parsing and field extraction for Cisco logs.

  5. Security Information and Event Management (SIEM):
  • SIEM Best Practices: Experience in using Splunk for SIEM purposes, focusing on the integration of Cisco security products like Cisco ASA, Firepower, or AMP for Endpoints to identify and respond to security threats.
  • Threat Intelligence: Knowledge of integrating threat intelligence feeds into Splunk for better detection and correlation with Cisco device logs.

  6. Knowledge of Cisco Technologies:
  • Cisco Security: Familiarity with Cisco ASA Firewalls, Firepower Threat Defense (FTD), and how they generate syslog data for intrusion detection, access control, and firewall events.
  • Cisco Routers/Switches/VoiceIP: Understanding the syslog format and types of logs generated by Cisco routers and switches (e.g., interface up/down, routing protocol events).
  • Cisco Network Monitoring: Experience in using NetFlow or Flexible NetFlow (FNF) data within Splunk to monitor network traffic patterns.

Skills to Include:

Technical Skills:

  • Splunk: SPL, Search Head Clustering, Forwarders (Universal/Heavy), Splunk Enterprise, Splunk Apps/Add-ons (Cisco Technology Add-ons)
  • Cisco: Syslog Configuration, SNMP Traps, NetFlow, Cisco ASA/FTD/IOS, Cisco Switches/Routers
  • Network Protocols: TCP/IP, SNMP, Syslog, NetFlow/IPFIX
  • Security: SIEM, Threat Intelligence, IDS/IPS, Firewall Logging, Network Monitoring

Certifications:

  • Splunk Certified Admin or Splunk Certified Architect
  • Cisco Certified Network Associate (CCNA) or Cisco Certified Network Professional (CCNP)

Relevant Experience

Splunk Engineer Roles/Responsibilities:

  • Configured and maintained Splunk Enterprise to collect, index, and analyze log data from Cisco devices including routers, switches, and firewalls (ASA, FTD).
  • Implemented custom SPL queries, dashboards, and alerts for real-time monitoring of Cisco device health and security events.
  • Integrated SNMP traps and syslog data from Cisco network devices into Splunk, optimizing event parsing using custom props.conf and transforms.conf files.
  • Utilized Splunk's Machine Learning Toolkit to identify network anomalies and potential security threats in data from Cisco Firewalls (ASA/FTD).
  • Developed automated reports and alerts for network performance monitoring, leveraging data from Cisco NetFlow and syslogs.
  • Troubleshot network incidents and security alerts, providing actionable insights to improve network reliability and security posture.
  • Deep understanding of Splunk architecture. Must know how to administer a Splunk cluster.
  • Experience with development of Splunk applications, views, dashboards, reports, alerts, data collection, scheduling of alerts and reports
  • Knowledge of syslog-NG or other centralized syslog products
  • Building internal and external APIs & RESTful web services
  • Experience with monitoring solutions and methodologies, including server and network performance, hardware, and web synthetics
  • Experience with migrating on-prem Splunk Enterprise to Splunk Cloud preferred

Conclusion:

A Splunk Engineer working with Cisco systems should demonstrate a strong understanding of both Splunk technologies and Cisco network devices. This includes the ability to integrate, parse, and analyze syslog and SNMP data, configure Cisco devices for log forwarding, and use Splunk for effective network and security monitoring. Specific certifications and hands-on experience with both Cisco and Splunk tools will be highly beneficial.

  • Implement and maintain Splunk Enterprise infrastructures and configurations. Deep understanding of Splunk architecture. Must know how to administer a Splunk cluster.
  • Experience with Splunk ITSI and Splunk ES preferred

Thanks & Regards,

Azam Mohammed

Contact: 551.. 264.. 7249

Email: Aazam (at) pullskill (dot) com
