5-10 years
Splunk Administrator - Cyber Security (5-10 yrs)
Spg Consulting And Solutions Services
posted 5d ago
Key skills for the job
This JD is for a Splunk Administrator with expertise in Microsoft Defender (MDE), KQL/SQL, and security analytics. Here's a breakdown of the key requirements and ideal candidate profile:
Requirements:
- Splunk Admin with Security Knowledge (not SOC-focused).
- Strong in Microsoft Defender (MDE/S1), KQL, and SQL.
- Experienced in Splunk implementation, configuration, and administration.
- Good understanding of security frameworks, vulnerability management, and incident response.
- Ability to mentor teams and act as a single point of contact (SPOC) for Splunk-related security operations.
Splunk Administration and Certification:
- Experience as a Splunk Admin (5-9 years).
- Must hold a Splunk Certification (Certified Admin or Certified Architect).
- Expertise in designing, implementing, and supporting Splunk (Indexers, Forwarders, Search-Heads).
- Hands-on experience with onboarding data, configuring Splunk, building dashboards, and extracting insights.
Microsoft Defender Expertise (MDE/S1) and KQL/SQL:
- Strong Microsoft Defender for Endpoint (MDE/S1) experience.
- Kusto Query Language (KQL) and SQL proficiency for threat analysis and security monitoring.
- Must NOT come from a SOC background (likely focusing on engineering/administration rather than SOC operations).
Security and Cybersecurity Knowledge:
- Experience with security controls, risk management, and threat analysis.
- Familiarity with incident response, vulnerability management, and security architecture.
- Reviewing vulnerability assessment reports and security advisories.
System Administration (Linux and Windows):
- Experience managing Linux and Windows agents in a Splunk environment.
- Strong understanding of Splunk system architecture and best practices.
Leadership and Mentorship:
- Act as SPOC and mentor security analysts.
- Participate in knowledge sharing and train team members on best practices.
Functional Areas: Other