Splunk Admin

**Splunk Experience**: 4+ Years

**Description**:

- **Data Collection**: Onboarding data to Splunk platform using Syslog, Agenet-based, API, DB Connect, and Http Event Collector
- **Forwarder Management**: Managing and administering Splunk Universal Forwarders using Splunk Deployment Server, creating server classes, etc.
- **Indexer Clustering**: Managing and administering two-sites indexing clustering, deploy configuration bundle to cluster peers, setting indexer storage capacity and data retention.
- **Search Head Clustering**: Managing and administering search head clustering, add
emove member, backup
estore\migrate kvstore, push configuration bundle to Splunk search head members.
- **Implementation**: Installing, configuring, and upgrading Splunk Enterprise, Universal Forwarder software, and Enterprise Security, configuring License Manager and peers.
- **Normalization**: Excellent knowledge with Splunk configuration files, props, transforms, eventtypes, tag, server, etc. Create custom Technology Add-ons to parse non-standard data sources.
- **Knowledge Object**: Good knowledge of Splunk knowledge objects (searches, reports, alerts, fields, lookups, macros, datamodel, etc.), assign permission, scheduling, etc.
- **Development**: Developing new use cases, dashboards, and reports, creating custom apps and views, and running searches (index-based and datamodel-based).
- **Cybersecurity Background**: Good knowledge with Cybersecurity landscape, threats, vulnerabilities, and insider attacks. Good understanding of MITRE ATT&CK framework and Cybersecurity Kill Chain.