The primary role of this individual will be to help tune Splunk's Enterprise Security and UBA. The tuning process includes rule validation, macro-level tuning of newly added use cases (determining whether event volume can be reduced through configuration changes in the underlying applications rather than in the SIEM), and micro-level false-positive tuning of individual rules. Additional duties include content management and use case rule creation. The ideal candidate will have 1+ years' experience in the following areas.
• General networking concepts and administration
• General cyber security knowledge
  o Event-of-interest research: Domain Tools, whois, VirusTotal, malware reports, etc.
  o Prior intrusion detection experience with a SIEM (home-grown, QRadar, ArcSight, etc.)