100 Remote Splunk Engineer Contract

100% Remote
Contract role
Length: 4-6 Months
Overview:

Assessment : Evaluate the status and health of the Splunk SIEM system.
Design and Architecture Guidance : Provide comprehensive recommendations to enhance the system's design and architecture for advanced capabilities.
The scope includes two primary tasks:
Current Status and Health Assessment of Splunk SIEM
Guidance for Design and Architecture Enhancement
Responsibilities:
Task 1: Current Status and Health Assessment of Splunk SIEM
1.1 Review System Configuration Evaluate the current configuration of the Splunk SIEM system.
Identify any misconfigurations or optimization opportunities.
Assist in tuning and configuration of the system.

1.2 Performance Analysis Conduct performance analysis to assess system load, indexing, and search performance.
Identify bottlenecks and provide recommendations for performance improvements.

1.3 Data Quality and Coverage Assessment Review data sources and data quality.
Ensure comprehensive coverage of security-relevant data sources.

1.4 Security Posture Review Assess the security posture of the Splunk SIEM system.
Identify gaps and vulnerabilities within the SIEM configuration and data ingestion.

1.5 Reporting and Documentation Provide a detailed report outlining findings, identified issues, and recommendations for improvements.
Conduct a presentation of findings to key stakeholders.
Deliverables for Task 1:
Assessment Report including findings and recommendations
Presentation of findings to stakeholders

Task 2: Guidance for Design and Architecture Enhancement
2.1 Infrastructure Assessment
Evaluate the current infrastructure supporting the Splunk SIEM system.
Hands on assessment of the current architecture, performance, and tuning of the current deployment.
Provide recommendations for scaling and optimizing infrastructure for high availability and performance.
2.2 Data Architecture Design
Review current data architecture and identify gaps.
Recommend a robust data architecture to support advanced monitoring, UEBA, ML, and SOAR.
2.3 Advanced Monitoring and UEBA
Provide guidance on implementing advanced monitoring techniques.
Recommend best practices for integrating UEBA capabilities.
2.4 Machine Learning Integration
Evaluate existing ML capabilities within Splunk.
Provide recommendations for integrating ML to enhance threat detection and response.
2.5 SOAR Capabilities
Assess current SOAR capabilities.
Recommend enhancements to automate and orchestrate incident response processes.
2.6 Implementation Roadmap
Develop a comprehensive roadmap for implementing the recommended design and architecture changes.
Provide detailed steps, timelines, and resource requirements for execution.
Deliverables for Task 2:
Design and Architecture Enhancement Report
Implementation Roadmap
Presentation of recommendations to stakeholders

5\. Timeline
The project is estimated to take approximately 16-24 weeks to complete. The timeline for each task is as follows:
Task 1: Current Status and Health Assessment : 4-8 weeks
Task 2: Guidance for Design and Architecture Enhancement : 12-16 weeks
Consultant Responsibilities :
Conduct assessments and provide detailed reports and recommendations.
Present findings and recommendations to the client's stakeholders.