
EY•4h ago
Naukri
Opening with EY_SPLUNK ES
Hybrid - Bengaluru, Noida, Chennai
Full Time
Mid Level
Full Job Description
About the Role
EY is seeking experienced professionals to join our team, focusing on Splunk Enterprise Security (ES) and Splunk User Behavior Analytics (UEBA) solutions. This role offers a hybrid work arrangement across Bengaluru, Noida, and Chennai.
Key Responsibilities:
- Perform remote and on-site gap assessments of SIEM solutions, defining evaluation criteria based on client requirements, industry best practices, and regulations.
- Conduct stakeholder interviews and review documentation (SOPs, architecture diagrams) to evaluate SIEM effectiveness and prepare audit reports.
- Provide consulting services during testing, evaluation, pilot, production, and training phases to ensure successful SIEM deployments.
- Recommend best practices for SIEM solutions and offer consultative advice on security principles related to SIEM operations.
- Design and document SIEM solutions tailored to customer needs.
- Onboard data into Splunk from various sources, including custom-built solutions, by creating parsers and verifying log source data against the Common Information Model (CIM).
- Manage data parsing and masking prior to SIEM ingestion.
- Support data collection, processing, analysis, and operational reporting systems, including planning, installation, configuration, testing, troubleshooting, and problem resolution.
- Assist clients in optimizing SIEM system capabilities, audit, and logging features.
- Provide technical guidance for configuring end log sources for SIEM integration.
- Handle big data integration via Splunk.
- Develop and customize SIEM content, including automated security event monitoring, alerting, and corresponding event response plans.
- Develop and customize Splunk Apps and Add-ons, build advanced visualizations (interactive drilldowns, glass tables), and integrate contextual data into notable events.
- Create use cases aligned with the Cyber Kill Chain and MITRE ATT&CK framework.
- Develop advanced dashboards (using CSS, JavaScript, HTML, XML) and reports for near real-time visibility into client application performance.
- Install, configure, and utilize premium Splunk Apps and Add-ons (e.g., ES App, UEBA, ITSI).
- Configure alerts and reports, with a strong understanding of automatic lookups, data models, and complex SPL queries.
- Create, modify, and tune SIEM rules to meet client specifications for alerts and incidents.
- Collaborate with client stakeholders for correlation rule tuning, incident classification, and prioritization recommendations.
- Develop custom commands, custom alert actions, and adaptive response actions.
Qualifications:
- Experience working with Splunk Enterprise, Splunk Enterprise Security, and Splunk UEBA.
- Minimum Splunk Power User Certification.
- Proficiency in programming or scripting languages such as Python (preferred), JavaScript (preferred), Bash, or PowerShell.
Company
EY
Ernst & Young (EY) is a global leader in assurance, tax, transaction, and advisory services. We are committed to building a better working world.