SOC Incident Response Lead Splunk

Accenture India · May 6th 2018

Apply on StackOverflow Careers

Position Scope:

The SIEM SME leads in architectural design, specification, and maintenance of Splunk Security products and services.Candidates must have backgrounds in network planning and design, implementation, and operations. SIEM SMEs apply business and technology skills with structured methodologies to deliver complex solutions to the customer.

We are looking for professionals (with 6-9 years of experience) who can fulfill the following criteria:

  • Experience in Information Security, Risk Management, Infrastructure Security and Compliance
  • Security device installations, configuration and troubleshooting (e.g., firewall, IDS, etc.)
  • Hands on experience in supporting AWS and Azure Assets, especially supporting Splunk deployment in AWS/Splunk ES as a service
  • Experience in deploying different type of forwarders and Apps
  • Deep knowledge in AWS services and serverless architecture
  • Expertise in UNIX, Linux, and Windows - able to tear down and rebuild a host system
  • Experience with Database installation and configuration is required and Oracle experience is a plus
  • Exploit and detection analysis skills, including ability to analyze logs for useful information and patterns
  • Install, configure, tune, and maintain the Splunk SIEM components
  • Primarily focus on content creation regarding advanced threat analysis (rules, variables, trending, watch lists, etc) of incoming data and for self-monitoring of the solution itself.
  • Perform supporting tasks such as system hardening, high availability configurations, and developing backup strategies.
  • Assist with the creation of detailed deployments plans, architectural drawings and operation manuals.
  • Assist with event source auditing configurations, integration with various security platforms, network devices, and systems
  • Expert in development of Regular Expression (REGEX)
  • Good understanding of Infrastructure Security and its impact on Security Operations, Vulnerabilities, Reporting, Analytics and Monitoring
  • Good understanding and experiences with Infrastructure Security, Risk assessment and Security Information and Event Management

Nice to Have Skills/Qualifications:

  • Experience working in a diversified, virtual environment

  • Administrational tool development and maintenance

  • Desirable to have some certifications such as CISSP, ITIL, CISA, CISM and GIAC-GCIA

  • Desirable to have some advanced Certification from SIEM vendor on products such as HP ArcSight or RSA envision

If you, or a friend, match these requirements, please send in your resumes to, marking “Splunk SIEM-Stackoverflow” in the subject line

Accenture is an equal opportunities employer and welcomes applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, gender identity, or any other basis as protected by applicable law

Apply on StackOverflow Careers