Splunk Administrator - Microsoft Defender (5-10 yrs)
Spg Consulting And Solutions Services
posted 19hr ago
Job Description:
We are looking for a Splunk Administrator with expertise in Microsoft Defender (MDE), KQL/SQL, and security analytics. Here is a breakdown of the key requirements and the ideal candidate profile.
Key Requirements:
Splunk Administration & Certification:
- Experience as a Splunk Admin (5-9 years).
- Must hold a Splunk Certification (Certified Admin or Certified Architect).
- Expertise in designing, implementing, and supporting Splunk (Indexers, Forwarders, Search-Heads).
- Hands-on experience with onboarding data, configuring Splunk, building dashboards, and extracting insights.
Microsoft Defender Expertise (MDE/S1) & KQL/SQL:
- Strong Microsoft Defender for Endpoint (MDE/S1) experience.
- Kusto Query Language (KQL) and SQL proficiency for threat analysis and security monitoring.
- Must NOT come from a SOC background (the role is focused on engineering and administration rather than SOC operations).
Security & Cybersecurity Knowledge:
- Experience with security controls, risk management, and threat analysis.
- Familiarity with incident response, vulnerability management, and security architecture.
- Reviewing vulnerability assessment reports and security advisories.
System Administration (Linux & Windows):
- Experience managing Linux and Windows agents in a Splunk environment.
- Strong understanding of Splunk system architecture and best practices.
Leadership & Mentorship:
- Act as SPOC and mentor security analysts.
- Participate in knowledge sharing and train team members on best practices.
Ideal Candidate Profile:
- Splunk Admin with Security Knowledge (not SOC-focused).
- Strong in Microsoft Defender (MDE/S1), KQL, and SQL.
- Experienced in Splunk implementation, configuration, and administration.
- Good understanding of security frameworks, vulnerability management, and incident response.
- Ability to mentor teams and act as a single point of contact (SPOC) for Splunk-related security operations.
Functional Areas: Other