Job Description
· Reviewing alarms and alerts
· Confirm, determine or adjust the criticality of alerts
· Identifying other high-risk events and potential incidents
· Escalation to Tier 2
· Basic configuration of monitoring tools
· MTTD (Mean Time to Detect) - Time to identify potential threats
· Alert Volume Handled - Number of alerts reviewed per shift
· Escalation rate (percentage of cases requiring Tier 2 involvement)
· False positive reduction rate
· Documentation Quality - Completeness of case records
· Training Frequency - Number of upskilling sessions per year
Requirements
· Ability to write and optimize queries, create dashboards, reports, and alerts, and perform data analysis within the Splunk platform
· General understanding of Splunk architecture and components
· Knowledge of log collection methods, both agent-based and agentless (e.g., Syslog, API integrations)
· Familiarity with various log formats
· Understanding of network-based attacks
· Understanding of endpoint-based attacks