Description
Tasks and responsibilities: Development and Security Consulting, Splunk Enterprise Security Platform
• Short description XXX Splunk Enterprise Security Platform:
• Central Splunk instance based on 1 indexer cluster with an effective capacity of 12 TB, 2 search heads and 5 central forwarders
• Splunk Enterprise Security was operational
• CIM Deployment was in place
• More than 50 Universal Forwarders, mainly on Windows, are deployed; End of Universal Forwarders are expected
• Central Forwarder Management was in place
• Current volume of data: 200 GB/day; End of GB/day was expected
• Data volume will grow; by end of 2020 up to 20 TB effective capacity was expected
• Currently the platform supports 98 different sourcetypes and 650 connected independent sources
• Data sources: firewalls, proxies, antispam, Windows OS, Linux, APT appliances, applications, ...
• Requested Splunk Infrastructure Management Task:
• The Supplier has very good knowledge in managing and supporting complex Splunk infrastructures
• The Supplier was able to manage a single test instance as well as complex cluster environments with high utilisation
• Maintenance of all Splunk infrastructure elements
• Upgrade existing Infrastructure
• Splunk data administration
• Splunk data source integration
• Splunk data extraction aligned to CIM
• Splunk Forwarder management
• In addition to the Splunk infrastructure management tasks, the supplier will have the following knowledge:
• The Supplier will support PAG to operate and develop a Splunk infrastructure with Splunk Enterprise Security in a fully CIM-compliant setup
• The supplier has to interpret existing log and event information in relation to the existing enterprise infrastructure.
• The supplier has to correlate different data sources to identify security threats in a data-driven analytics mode.
• The supplier has to translate data-driven analytics into recurring correlations and provide them as a basis for Runbook definitions
• The supplier has to support PAG in defining Runbooks and improving existing procedures and Runbooks
Projects of Delta Systemtechnik Horn GmbH, page 7 of 3
• The supplier will support the PAG Infrastructure Teams in security relevant escalations and improvement tasks
• The supplier will work directly with security operations, support the daily recurring analytics and help to optimize the processes and workflows
• The supplier has a good knowledge of Center for Internet Security (CIS) controls
Qualifications:
• Solid experience with network, systems and application security architecture integration.
• Solid operating systems, database and networking protocols knowledge.
• Solid operating systems & databases knowledge.
• Solid networking, communications and authentication protocols knowledge in a complex environment.
• Consolidated understanding of application and software development.
• Solid knowledge of operating systems Windows, Unix, Linux, ...
• Solid understanding of vulnerability management: identification, impact and resolution
• Knowledge of application and secure software development