A Zemour

As a SIEM Expert, your missions will be to:

- Understand the in-depth functioning of QRADAR and SPLUNK components;

- Understand needs and make recommendations in terms of best practices for SIEM solutions;

- Design and document evolutions of EDF's SIEM infrastructures;

- Contribute to the SIEM detection service roadmap;

- Contribute to the SOAR automation service roadmap;

- Conduct technical and functional studies on product evolutions;

- Contribute to the definition, collection, and integration of enterprise repositories into the SIEM;

- Contribute to exchanges with market SIEM solution providers;

- Exchange with peers on SIEM solutions;

- Contribute to the industrialization of the SOC (SOAR) and its impacts on the SIEM;

- Verify the proper collection of source logs and investigate problems;

- Act as a technical referent and provide your expertise in projects or operational issues.

Migration of Splunk on-premise to Splunk cloud (cluster environments with + 3TB/day) instances.

Tasks:

• Study of the migration from Splunk on-premise to Splunk cloud

• Data, apps (vetting), roles, users migration...

• Implementation of workload management rules

Context:

cluster environments with + 5TB/day, +3000 users, multi-site Search Head and Indexer clustering and multiple Deployment Server instances.

Tasks:

• Infrastructure Administration: MRO (Maintain, Repair and Operations) of the infrastructure (UH, HF, IDX, SH).

• Implementation and development of log collections, user support (Alerts/research, dashboards, best practices), access management (roles, users).

• Deployment of log collection infrastructure using: Splunk Universal Forwarders, DB Connect, syslog-ng, SNMP, API, JMX and HEC…

• Log parsing and CIM compliance

• Automation and configuration management with Ansible and Git.

• Participation in N2/N3 support for the Big Data Splunk service.

• Participation in a project to merge two Splunk infrastructures of +5TB/day and +6TB/day.

• Management and coordination of infrastructure upgrades (upgrade 7.X, 8.X,).

• MOA to support clients in analyzing and implementing their needs

Technical Environment:

Splunk Enterprise Security (on premise), Splunk Security Essentials, Git, Ansible, Syslog-ng, O365, SAP, Oracle DB, SQL DB, NoSQL DB, Cribl, Microsoft Azure, JavaScript, JQuery, PowerShell, Python, Linux, Windows, NAS, Nifi, API…