Overview
Expertise:
Splunk Enterprise Certified Architect with a minimum of 7–10 years in Splunk enterprise deployments.

Responsibilities:
Lead daily Splunk operations and ensure SLA adherence.
Perform infrastructure management and health checks.
Oversee scaling advisement and expansion readiness.
Act as the main point of contact for the Bank’s internal teams.
Organize support for major incident response efforts.

Job qualifications
Daily health checks and monitoring of Splunk infrastructure performance (indexers, search heads, deployment servers, cluster masters, etc.).
Indexer and search head cluster management (including failover and scaling).
Splunk upgrades, patch management, and hotfix application.
License usage monitoring and optimization.
Onboarding of new data sources, including parsing, field extractions, and CIM (Common Information Model) compliance.
Use case lifecycle management (development, tuning, optimization):
Work with stakeholders to identify security monitoring use cases.
Develop new detection rules, correlation searches, dashboards, and alerts.
Fine-tune existing use cases to reduce false positives and improve detection accuracy.
Align all use cases with threat intelligence (MITRE ATT&CK, local TTPs, sectoral threats).
Map use cases to regulatory frameworks (SAMA CSF, NCA ECC / CCC, PCI DSS).
Develop use cases based on frameworks such as MITRE ATT&CK and OWASP.
Map use cases to InfoSec tools and security technologies, and cover additional InfoSec tool integrations with Splunk.
Creation and maintenance of dashboards (supporting threat hunting, data source coverage, critical asset coverage, and endpoint security control coverage), alerts, reports, and correlation searches.
Splunk app and add-on installation, application onboarding, configuration, and lifecycle management.
Splunk optimization by troubleshooting ingestion delays, parsing errors, and search performance issues.
Storage capacity management and archiving strategies.
Implementing and maintaining Role-Based Access Control (RBAC).
Support for compliance, audit, and regulatory reporting requirements.
Incident response support by ensuring Splunk visibility for detection and investigation.
Documentation of processes, configurations, and knowledge transfer.
Continuous monitoring for regulatory compliance.

Specialized Reviews & Advisory Services
The Bank requires Splunk services to perform assessments and optimizations, specifically:
Post-Implementation Review
Data Model Review
Data Source Review
Security Integrations & Monitoring Review
Scaling Advisement & Expansion Readiness Assessment
Advanced use case management
Quarterly review of SIEM architecture and security posture
Evaluation of existing detection rules
Bi-annual review for planning of SIEM evolution and enhancement
Operation • Riyadh, Saudi Arabia