Charter Global · 3 hours ago
Splunk Architect
Responsibilities
Lead the assessment of the client's SIEM platform, ensuring thorough evaluation and documentation of its current state.
Obtain and review all relevant documentation related to the SIEM deployment, including architecture diagrams, data flow diagrams, process flows, and procedures.
Conduct up to eight data gathering meetings with representative members from the SIEM and Security Operations teams to gather insights and understand the operational context.
Analyze the SIEM platform across the focus areas defined by the SIEM Assessment Framework, which include:
System Architecture: Evaluate SIEM’s system components (forwarders, search heads, indexers, etc.), assess non-functional requirements (availability, scalability, performance, data retention, monitoring), review the health monitoring process, and examine the current integration with the ServiceNow Security Incident Response (SIR) module.
Data Management: Evaluate data management processes including data source onboarding and prioritization, data pipelines, log streaming, data quality and normalization, and data enrichment.
Use Case Development: Evaluate intake, prioritization, development, and detection-as-code processes.
Governance: Evaluate the existing governance framework, operating and interaction models, relevant policies and standards, governing committees and working groups, and training programs.
Document and prioritize observations and improvement recommendations based on EY’s observed industry-leading practices.
Assess the status of findings from the 2023 SIEM assessment.
Document the activities performed during the revalidation process, including any interactions with client personnel or reviews of relevant documentation.
Prepare a comprehensive report providing a clear and concise status update on each finding from the 2023 assessment.
Qualification
Required
Proven experience in managing and leading SIEM assessments, preferably with a focus on Splunk.
Strong understanding of SIEM system components, data management processes, use case development, and governance frameworks.
Excellent analytical and problem-solving skills, with the ability to identify and prioritize improvement opportunities.
Strong communication and leadership skills, with the ability to lead a team of consultants and interact effectively with client teams.
Experience in documenting assessments and preparing detailed reports.
Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
Minimum of 6 years of experience in a similar role, with a proven track record of successful SIEM platform assessments.
Preferred
Splunk Architect or Admin certification preferred.
Familiarity with the ServiceNow Security Incident Response (SIR) module is a plus.
Relevant certifications in Splunk or SIEM technologies are highly desirable.
Company
Charter Global
Charter Global is an App Development & IT Consulting company located in Atlanta.
H1B Sponsorship
Charter Global has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships (per year)
2023: 14
2022: 15
2021: 15
2020: 36
Funding
Current Stage
Late Stage (company data provided by Crunchbase)