
Security Information Event Specialist

Date: Nov 6, 2022

Location: Richardson, TX, US, 75082

Company: Fujitsu Network Communications, Inc.

About Fujitsu Network Communications, Inc.

Fujitsu Network Communications, Inc., is a trusted partner to a broad spectrum of customers across all industries, enabling them to realize the maximum value from their communications networks. We are a market-leading U.S.-based manufacturer of network equipment and a top U.S. patent holder in optical networking. Our solutions combine the best wireline, wireless, and software technology with extensive multivendor services expertise to deliver custom, end-to-end network integration and management solutions. For more information, please see http://us.fujitsu.com/telecom, connect with us on LinkedIn at www.linkedin.com/company/fujitsu-network-communications, and follow us on Twitter @FujitsuFNC.

Req ID: 14770 

 

The Security Information and Event Management Specialist supports the mission of the Cyber & Information Security team by identifying sources of security information and events, importing such events to the SIEM tool, identifying and writing rules/alerts to communicate relevant information to SOC analysts, and managing the cloud SIEM solution.

Responsibilities

    • Interface with security operations personnel and network/server/application managers to identify relevant security data
    • Ingest log data into the Splunk Cloud environment, writing transformation rules as needed
    • Create Splunk reports to standardize monthly management reporting
    • Monitor the Splunk Cloud environment for license compliance and application performance
    • Create indices as needed and configure ingestion for new data sources
    • Manage Splunk Cloud apps, and upgrade or decommission as needed
    • Create Splunk dashboards to improve visibility into enterprise data
    • Assist other SOC analysts with incident response
    • Assist other SOC analysts with querying and analyzing Splunk data
    • Maintain documentation of the SIEM environment
    • Manage on-premises infrastructure, including deployment server, syslog connector, and universal forwarder

 

Required Background

    • 5 years in a security monitoring environment (e.g., a Security Operations Center)
    • Understanding of sources of security information in a typical medium-sized Information Technology environment
    • Understanding of cyber-security threats and indicators of compromise
    • Experience ingesting data into a Splunk environment (Splunk Cloud preferred, but not required)
    • Experience working with Splunk architecture (Universal Forwarders, SC4S, Deployment Server, etc.)
    • Experience creating correlation and alerting rules
    • Experience with Splunk Processing Language (SPL) or Splunk certification
    • Experience investigating IOCs in Splunk or Defender for Endpoint

 

All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.

