SIEM Administrator

Title: SIEM Splunk – Senior AnalystLocation: KuwaitAbout AccentureAccenture is a global professional services company with leading capabilities in digital, cloud and security. Combining unmatched experience and specialized skills across more than 40 industries, we offer Strategy and Consulting, Song, Technology and Operations services — all powered by the world’s largest network of Advanced Technology and Intelligent Operations centers. Our 744,000 people deliver on the promise of technology and human ingenuity every day, serving clients in more than 120 countries. We embrace the power of change to create value and shared success for our clients, people, shareholders, partners and communities. Visit us at www.accenture.com.About Accenture SecurityJoin Accenture Security to pioneer security solutions that blend risk strategy, digital identity, cyber defense, application security and managed services. Using the coolest next-gen tech, you’ll have every chance to stay one step ahead of cybercrime and out-hack the hackers.Accenture Security provides comprehensive security services – from security strategy development to business transformation, to managed security services – on demand and at a global scale to help mitigate risks and take full advantage of advanced technologies and proven risk management models. Our experienced team of global security professionals helps businesses understand their risks and build resilience from the inside out, giving them the confidence to focus on what matters most: innovation and business growth. Responsibilities and Accountabilities:The primary objectives of the role is to participate and lead the delivery of Splunk SIEM Platform Management. The services include administration of a distributed Splunk SIEM Platform. The role would also require Integration of Splunk with a wide variety of data sources and industry leading commercial security tools that use various protocols including vendors specific threat feeds. Consult with customers to customize and configure Splunk along with developing use cases for security monitoring. Administration of SIEM environment (eg: deployment of solution, user management, managing the licenses, upgrades and patch deployment, addition or deletion of log sources, configuration, management, change management, report management, manage backup and recovery etc.) Security Use case development, Construction of SIEM content required to produce Content Outputs (e.g., correlation rules, reports, report templates, queries) Should be thorough in troubleshooting Splunk platform and application issues, escalate the issue and work with Splunk support to resolve issues. Integration of customized threat intelligence content feeds provided by the Threat Intelligence and Analytics service. Integrate SIEM with a wide variety of supported and unsupported data sources. This is a hands-on role, requiring strong technical skills as well as a good understanding of the Cyber security problem and solutions.Qualifications: Bachelor’s Degree in Engineering/computer science/ Information Technology or other relevant fields. In-depth knowledge in core security domain (SIEM and SOC) Direct architecture design, administration experience and certifications with one or more SIEM/ Security Solutions (i.e. LogRhythm, Splunk, QRadar, ArcSight) Programming and scripting skills. Knowledge on MITRE ATT&CK, TTPs Good understanding of network protocols & architecture and cloud infrastructure.