Threat Content Lead Cybersecurity Dubai

Dubai, United Arab Emirates

Job Description

Threat Content Lead - Cybersecurity – Dubai

Summary
  • Splunk SME
  • Understanding of attacks and threats
  • Develop queries and define syntax in EDR
  • Hands-on developing content in Splunk
  • 70% hands-on & 30% management
  • MSS Background is mandatory
Responsibilities
  • Implement and maintain detection capabilities across SIEM and EDR/XDR platforms.
  • Evaluate existing EDR/SIEM content to determine which content should be removed or updated to improve fidelity.
  • Leverage the MITRE ATT&CK framework, monitor the threat landscape and evaluate existing data sources to identify opportunities for new content development for detection and response.
  • Research and innovate new mitigation, detection, and response capabilities given input from industry trends, customer feedback, and personal research.
  • Support the onboarding of new data sources by developing relevant EDR/SIEM content.
  • Develop EDR/SIEM detection use cases and review them with relevant stakeholders, such as engineers and others.
  • Develop and maintain content catalog, including mapping to the MITRE ATT&CK framework, to improve the efficiency of deploying the security stack to new environments.
  • Document and communicate detection capabilities and gaps clearly and effectively leveraging multiple industry frameworks including MITRE ATT&CK, the Cyber Kill Chain, and NIST.
  • Design, develop, and monitor various dashboards and reports that provide information on content coverage, alerting, and fidelity.
  • Collaborate with technology staff at varying levels of expertise to improve logging from various appliances and correct misconfigurations.
  • Assess customer needs and expectations, design solutions to meet those needs, and then implement the design.
  • Quickly build and solve a problem using a new technology to determine viability.
  • Serve as a primary responder for Managed Security customer systems, taking ownership of issues and tracking through resolution.
  • Competent Splunk administration experience and expertise.
  • Develop new apps or extend existing ones to perform specialized functionality.
  • Maintain and support CIM compliance standardization across Splunk SIEM data sources.
  • Integrate Splunk with a wide variety of legacy data sources.
  • Engage application and infrastructure teams to establish best practices for utilizing Splunk data and visualizations.
Qualifications
  • A minimum of 10 years of professional experience supporting and maintaining threat content, as well as Splunk, is mandatory.

Kingston Stanley

Job Detail

  • Job Id
    JD1619802
  • Industry
    Not mentioned
  • Total Positions
    1
  • Job Type
    Full Time
  • Salary
    Not mentioned
  • Employment Status
    Permanent
  • Job Location
    Dubai, United Arab Emirates
  • Education
    Not mentioned