Process
- Day-to-day operational issues, service requests, and project tasks
- Incident response and resolution within SLAs, applying strong analytical and troubleshooting skills
- Providing leads with all necessary details about an issue: the steps taken, recommendations, and any other relevant information
- Ticket status checks and updates
- Responding to false-positive alerts
- Incident escalation and progress monitoring
- Create, review, update, and maintain Standard Operating Procedures (SOPs).
- Prepare a root cause analysis (RCA) for each escalated incident.
- Perform shift handovers
Splunk:
- Configure and troubleshoot Splunk components such as indexers, forwarders, and search heads.
- Write Splunk searches (SPL) and build dashboards from them.
- Configure Splunk according to best practices (apps, add-ons, searches, etc.).
- Create, modify, and update Security Information and Event Management (SIEM) rules.
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises through review and analysis of the relevant event details.
- Triage non-security alerts by priority, identify the underlying problem, and escalate where needed.
- Escalate to the designated customer contacts for issues outside the SOPs, or when the SOPs fail to resolve the issue.
- Use the SIEM to monitor data flows between networks.
- Work directly with delivery teams or customers to gather logging requirements.
- Convert logging requirements into Splunk designs that follow best practices.
- Perform environment health checks.
- Troubleshoot issues.
- Update and/or create technical documentation.
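A concrete SIEM rule of the kind the Splunk duties above refer to, added here as an illustration (it is not part of the original page or any customer's SOP): a scheduled search that flags brute-force or password-spraying activity from Windows Security failed-logon events (EventCode 4625). The index name `wineventlog`, the sourcetype, the CIM field names `user` and `src_ip` (as extracted by the Splunk Add-on for Microsoft Windows), the `Failure_Reason` field, the thresholds, and the `known_scanners` lookup with an `owner` column are all assumptions to be replaced with the values from the environment's logging design.

```spl
index=wineventlog sourcetype="WinEventLog:Security" EventCode=4625
| search NOT src_ip IN ("127.0.0.1", "::1", "-")
| bin _time span=10m
| stats count AS failures, dc(user) AS targeted_accounts, values(user) AS accounts, values(Failure_Reason) AS reasons BY src_ip, _time
| where failures >= 20 OR targeted_accounts >= 10
| lookup known_scanners src_ip OUTPUT owner
| where isnull(owner)
| eval severity=if(targeted_accounts >= 10, "high", "medium")
| table _time, src_ip, failures, targeted_accounts, accounts, reasons, severity
```

The search buckets failures into 10-minute windows per source address, then alerts on either volume (many failures, a classic brute force) or breadth (many distinct accounts, a password spray); the `reasons` column lets the analyst tell bad passwords from lockouts at a glance. Scheduled as an alert (for example every 15 minutes over `earliest=-15m latest=now`), it feeds the triage and escalation steps listed above. Known false-positive sources such as vulnerability scanners, monitoring probes, and NAT gateways are handled by adding them to the `known_scanners` lookup with a named owner rather than by raising the thresholds for everyone, which keeps the rule sensitive while the tuning stays auditable.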
Active Directory:
- Modify security groups as per the documented procedures
- Troubleshoot basic permission issues on network file shares
- Perform basic troubleshooting of AD communication using tools such as RSoP, ipconfig, and nslookup
- Perform AD user management tasks such as adding, disabling, and unlocking users
- Verify AD reports as per the documented procedures