Assignment Description

We are looking for a Splunk Architect for our client.

Duties:

Lead the technical architectural perspective and propose a technical solution for adjusting the central SIEM solution in the SESE-D environment, especially the design of cross-zone event transport from OT environments to SESE-D. Knowledge of the SESE-D environment is important, so quickly learning the environment is key to success.

A Splunk environment already exists in the SESE-D environment, so it needs to be assured that it will be capable of onboarding OT SOC customers, and the transport of data (events) from OT zones to it needs to be designed.

A thorough understanding of Splunk Deployment Methodology and best practices for planning, data collection, and sizing for a distributed deployment. Manage and troubleshoot a standard distributed deployment with indexer and search head clustering.

Good understanding of network security concepts such as firewalls, proxies, unidirectional gateways, etc. is also necessary.

Skills needed:

  • Experience with designing data transfer mechanisms from restricted environments
  • Experience with event streaming & processing solutions (e.g. Kafka, NiFi)
  • Basic understanding of core Operational Technology (OT) / Industrial Control Systems (ICS) concepts
  • Knows how to build a SIEM solution
Details
Reference: 48703

Location: Stockholm

Workload: 100%

Start date: 2024-04-29

End date: 2024-12-31

Consultant broker

It is no longer possible to apply for this position.