Verizon is a leading provider of technology, communications, information and entertainment products, transforming the way we connect across the globe. We’re a diverse network of people driven by our ambition and united in our shared purpose to shape a better future. Here, we have the ability to learn and grow at the speed of technology, and the space to create within every role. Together, we are moving the world forward – and you can too. Dream it. Build it. Do it here.
What you’ll be doing...
Your tasks will primarily consist of the deployment and administration of Splunk Components in a SIEM platform to allow for the creation and operation of various Use Cases for security incident response management relating the client’s IT environment. You will be working with a team of cyber security professionals in managing the various technologies used to support our Professional Security Services practice and customers.
What we’re looking for...
Based in Manila, you will be a team member of the Professional Services (Cyber Defense) practice and participate in the delivery of Advanced Security Operation Center (ASOC) and SIEM projects to our clients.
You will need to have:
Bachelor’s degree or four or more years of work experience.
Four or more years of relevant work experience in IT Security.
Experience in the deployment of Splunk components in both project and BAU lifecycle stages of delivery
Experience with automation, capacity planning, performance optimization, benchmarking, configuration management and continuous monitoring and delivery (may include experience using Vagrant, Puppet, Chef and Ansible)
Experience in supporting and maintaining a complex multi-cluster Splunk environment used to monitor infrastructure deployed across cloud and on-premises data centers
Ability to perform complete Splunk environment installs
Experience in Linux and networking is required.
Translate cyber security risks to SIEM use cases, using relevant data to increase the effectiveness of threat detection, response and recovery
Experience championing SIEM automation, orchestration and data infusion utilizing security incidents, vulnerabilities, threat intelligence and other relevant sources
Experience devising health check strategies for the components of Splunk and for log source ingestion, so that the SOC can perform these checks on a schedule
Understanding of log ingestion and data normalization on the Splunk platform
One or more current Splunk Certifications in Splunk Architect or Architect II (preferred), Splunk Certified Administrator, Splunk Certified Sales Engineer or higher.
Even better if you:
Understanding of enterprise systems administration (Linux preferred) and/or enterprise networking. Knowledge of protocols like TCP/IP, DNS, HTTP, and SMTP.
Problem-solving and communication skills
A high level of familiarity with the data architecture at the Forwarding, Indexing, and Search layers in the customer environment: which event data is ingested from where, how it gets to where it is stored, and which fields are extracted from it at search time.
Experience with the configuration management used by the Splunk admin team and, where possible, the ability to contribute to configuration changes.
Ability to identify when a Splunk event type is not ingested correctly from a cyber security use case perspective and how to fix the issue (e.g. at the Universal Forwarder (UF), Heavy Forwarder (HF) or Technology Add-on (TA)).