Job Description

•      Reviewing alarms and alerts.
•      Confirm, determine or adjust the criticality of alerts.
•      Identifying other high-risk events and potential incidents.
•      Escalation to Tier2.
•      Basic configuration of monitoring tools.
•      MTTD (Mean Time to Detect)- Time to identify potential threats.
•      Alert Volume Handled - Number of alerts reviewed per shift.
•      Escalation rate (percentage of cases requiring Tier 2 involvement)
•      False positive reduction rate.
•      Documentation Quality - Completeness of case records.
•      Training Frequency - Number of upskilling sessions per year.

Requirements

•       Ability to write and optimize queries, create dashboards, reports, and alerts, and perform data analysis within the Splunk platform.
•      General understanding of Splunk architecture and components.
•       Knowledge of log collection methods, both agent-based and agentless (e.g., Syslog, API integrations).
•       Familiarity with various log formats.
•     Understanding of network-based attacks.
•      Understanding of endpoint-based attacks.