SIEM Infrastructure administration
- Perform SIEM health check
- Monitor SIEM server storage, CPU and memory usage and take the necessary action.
- Perform SIEM version upgrade
- Update Splunk configurations based on security advisories
- SIEM infrastructure tuning and performance optimization
- Monitor SIEM data sources proactively to identify issues in the environment (e.g. indexer cluster or search head cluster issues)
SIEM Data onboarding
- Data onboarding (including first-level assessment and UAT testing before go-live)
- Integration of numerous log sources, including servers (Windows and Linux), network devices and security tools such as NAC, PAM, NBAD, IPS, DAM, DLP, AV, etc.
- Data Parser and CIM Mapping Configuration
SIEM Use Case Development
- Fine-tuning existing use cases
- Build new use cases
SIEM Troubleshooting and Splunk servers reconciliation
- Troubleshoot, investigate and remediate identified SIEM issues
- Monitor and troubleshoot the servers that have stopped reporting
- Troubleshoot issues with search scheduler management
- Search head tuning and optimization for skipped searches, failed jobs, search scheduling, etc.
- Liaise with IT support groups and service providers to resolve outstanding issues such as log onboarding (e.g. HF-related issues – Core team; source-related issues – Cyber team to coordinate)
- Reconcile Splunk servers periodically
SIEM Documentation
- Prepare/update SIEM tool SOPs
- Update Splunk build documents whenever there are changes to the Splunk deployment architecture
- Prepare/update Splunk guide for agent installations