Cybersecurity Consultant- SIEM
- Put in place new log collection into the SIEM based on Splunk Enterprise Security technology, which implies:
  - The configuration of Heavy Forwarder components for log collection which will be in "pull" mode
  - The coordination with the internal log collection team for log collection which will be in "push" mode
  - The update or creation of dedicated parsers
  - The configuration of enrichment with the Asset & Identity module
  - The update of the data model if the log collection is needed for specific detection use cases
- Process the continuous improvement requests of the L1/L2/L3 analysts, which could be:
  - A parsing update
  - An enrichment or lookup update
  - A data model update
  - A log collection issue
- Proposal of ways to optimize the current Splunk configurations
- Report back to the team on the tasks completed
- Update of the internal technical documents and the end-user guidelines
- Comply with the internal rules:
  - All the configurations must be done by using CI/CD based on GitHub Actions and Jenkins (no manual updates in the Splunk GUI)
  - All the changes must be tested on the homologation (pre-production) SIEM platform
  - Comply with the group process for managing changes and incidents on the engine
- Optimization of log collection and continuous improvement of log enrichment / parsing to enhance incident detection
- Set up new log collection into the SIEM (Splunk Enterprise Security technology) for new projects, with recommendations to comply with group standards.
This role requires deep expertise in Splunk architecture, administration