RBI is fostering its Business for the next generation in Information & Cyber Security.
As a crucial part of the Group Raiffeisen Bank International Cyber Defense Center department, this function develops detection and prevention mechanisms to foster our digitalization journey and the business confidence of our customers.
In this position you will be a member of a group SOC team. This includes designing, engineering and administering the RBI SIEM infrastructure. You will lead the development of Splunk visualizations, reports and alerts, and develop Splunk applications. You will work together with data source owners to integrate data sources and support the requirements for building use cases.
Your mission:
* Administering Splunk environments and Splunk applications, including developing applications that provide insight into a business process
* Maintaining and optimizing clustered Splunk deployment on Kubernetes/EKS environment
* Recommend and execute improvements to the existing Splunk architecture and design with growth and scalability in mind to optimize performance, stability, reliability, and agility
* Communicating with customer stakeholders, including leadership, support teams, and system administrators
* Assist in defining Operational Security related processes and procedures responsible for implementing processes, providing support to the 24x7
* Support the onboarding process for new infrastructure and business applications within the whole RBI group
Core competencies:
* Solid experience in a Splunk clustered environment with a SIEM background – Splunk Enterprise Security
* Strong understanding of onboarding new data sources in Splunk Enterprise, analyzing the data for anomalies/trends, and building dashboards for key trends
* Solid understanding of network transport protocols and services (TCP/IP, syslog, DNS, ODBC, SFTP, SSH, PKI, etc.)
* Professional experience with both Windows and Linux/Unix operating systems
* Practical experience of cloud concepts either using AWS or Azure
* Strong understanding of DevSecOps concepts, full lifecycle development for systems/applications
* Experience automating workflows with Splunk Phantom
Nice to have: