Splunk Engineer
Advanced Micro Devices
- Hyderabad, Telangana
- Permanent
- Full-time
- Install, configure, and update Splunk Enterprise and Splunk Enterprise Security environments in a multi-site environment, following best practices from Splunk Professional Services.
- Configure multi-site Search Head clustering and advanced Splunk options like Indexer.
- Ability to handle technical add-ons for efficiently onboarding data and meeting Splunk CIM compliance for Enterprise Security accelerated data models.
- Troubleshoot and resolve issues discovered during log onboarding.
- Demonstrated experience working with Security and operations team to clarify needs and requirements and to build a solution vision, including experience articulating the value of analysing machine data for operational intelligence, security, and compliance.
- Interface with AMD IT team to provide SIEM-driven insight into operations, risk, performance and behaviour
- Implement, architect, administer Splunk and Splunk Enterprise Security Suite and perform data ingestion and data visualization for Splunk and Splunk Enterprise Security Suite
- Extend SIEM to integrate threat intelligence sources in context of AMD’s risk profile
- Ability to collaborate on the design and implementation of security configurations and services to support SIEM data capture and significant analysis
- Correlate AMD’s service and app activities with threat intelligence, to pinpoint risk areas, IoCs, trajectories.
- Collaborate with AMD Product Development groups to augment and scale product logging capabilities for increased alignment and analytics with SIEM
- Administer and tune Splunk architecture, handle escalation and issue resolution for the SIEM platform components
- Develop real-time analysis of security and application data, delivering timely vision to support risk-driven detection and response.
- Perform capacity planning for Splunk infrastructure.
- Strong knowledge of security concepts, networks, risk procedures, security patterns, authentication technologies and security attacks.
- Capacity to develop, evaluate, and document specific metrics for management purposes.
- Ability to perform maintenance and optimisation of existing clustered Splunk deployments.
- Experience in creating dashboards to monitor the traffic volumes, response times, errors, and warnings across various data centres.
- Proficiency in developing documentation with processes and procedures.
- In-depth, customer-focused Splunk Enterprise Security SIEM engineering experience.
- Ability to create, manage, and support automation solutions for Splunk deployment and orchestration in on-site and cloud environments.
- Experience with Splunk Enterprise Security or integration with other Security Information and Event Management (SIEM) platforms.
- Proficiency in data on-boarding activities including routing, parsing, and normalizing events to the Splunk Common Information Model (CIM).
- Proficiency in onboarding data using Splunk developed add-ons for Windows, Linux, and common third-party devices and applications.
- Bachelor’s Degree.
- Splunk Certification (Certified Admin or Certified Architect) preferable