What are the responsibilities and job description for the Splunk - Sentinel Engineer || Remote || W2 Only position at Xlysi?
Splunk - Sentinel Engineer
Remote.
Contract role
Responsibilities:
- Splunk Administration: Manage and maintain the Splunk platform, including indexers, search heads, forwarders, and apps. Perform upgrades, patching, and performance tuning. Develop and maintain Splunk dashboards, reports, and alerts. Troubleshoot Splunk performance issues and ensure system availability.
- Migration to Microsoft Sentinel: Lead and execute the migration of security logs and data from Splunk to Microsoft Sentinel. Develop and implement data ingestion pipelines. Configure and customize Sentinel rules, playbooks, and workbooks. Ensure a seamless transition with minimal disruption to security monitoring.
- Security Monitoring and Incident Response: Monitor security events and alerts generated by Splunk and Sentinel. Investigate security incidents and provide timely responses. Collaborate with the security team to develop and implement security policies and procedures.
- SIEM Optimization: Continuously optimize the performance and effectiveness of the SIEM solutions. Identify and address gaps in log coverage. Develop and implement new use cases and detection rules.
- Documentation: Maintain comprehensive documentation of the SIEM architecture, configurations, and processes.
- Collaboration: Work closely with other IT teams, including security, networking, and systems administration, to ensure the effective integration of SIEM solutions with other systems.
- Automation: Automate routine tasks and processes using scripting languages (e.g., Python, PowerShell) to improve efficiency and reduce manual effort.
Requirements:
- Splunk Expertise: Extensive experience with Splunk administration, including installation, configuration, maintenance, and troubleshooting. Proficiency in Splunk Search Processing Language (SPL). Experience with Splunk Enterprise Security is a plus. Keywords: Splunk, SPL, Splunk Administration, Splunk Enterprise Security
- Microsoft Sentinel: Experience with Microsoft Sentinel, including deployment, configuration, and management. Knowledge of KQL (Kusto Query Language). Experience with migrating data to Sentinel. Keywords: Microsoft Sentinel, KQL, Azure Sentinel, Data Migration
- SIEM Principles: Strong understanding of security information and event management (SIEM) concepts and best practices. Keywords: SIEM, Security Information and Event Management
- Security Monitoring: Experience with security monitoring and incident response. Knowledge of common security threats and vulnerabilities. Keywords: Security Monitoring, Incident Response, Threat Detection
- Scripting: Proficiency in scripting languages such as Python or PowerShell. Keywords: Python, PowerShell, Scripting, Automation
- Cloud Computing: Familiarity with cloud computing platforms, preferably Microsoft Azure. Keywords: Azure, Cloud Computing
- Networking: Basic understanding of networking concepts and protocols. Keywords: Networking, TCP/IP
- Operating Systems: Experience with Linux and Windows operating systems. Keywords: Linux, Windows
- Problem-solving: Strong analytical and problem-solving skills.
- Communication: Excellent communication and collaboration skills.
- Relevant certifications (e.g., Splunk Certified Administrator, Microsoft Certified: Azure Security Engineer Associate).
- Experience with other security tools and technologies.
- Knowledge of IT compliance frameworks (e.g., NIST, ISO 27001).