100% Remote - Splunk Engineer - Contract

Experienced Recruiting Partners

New York, NY
Full Time
Paid
  • Responsibilities

    100% Remote

    Contract role 

    10 to 15 hours per week

    Length: 4-6 Months

    Overview:

    • Assessment: Evaluate the status and health of the Splunk SIEM system.
    • Design and Architecture Guidance: Provide comprehensive recommendations to enhance the system's design and architecture for advanced capabilities.

    The scope includes two primary tasks:

    1. Current Status and Health Assessment of Splunk SIEM
    2. Guidance for Design and Architecture Enhancement

    Responsibilities:

    Task 1: Current Status and Health Assessment of Splunk SIEM

    • 1.1 Review System Configuration
      • Evaluate the current configuration of the Splunk SIEM system.
      • Identify any misconfigurations or optimization opportunities.
      • Assist in tuning and configuration of the system.
    • 1.2 Performance Analysis
      • Conduct performance analysis to assess system load, indexing, and search performance.
      • Identify bottlenecks and provide recommendations for performance improvements.
    • 1.3 Data Quality and Coverage Assessment
      • Review data sources and data quality.
      • Ensure comprehensive coverage of security-relevant data sources.
    • 1.4 Security Posture Review
      • Assess the security posture of the Splunk SIEM system.
      • Identify gaps and vulnerabilities within the SIEM configuration and data ingestion.
    • 1.5 Reporting and Documentation
      • Provide a detailed report outlining findings, identified issues, and recommendations for improvements.
      • Conduct a presentation of findings to key stakeholders.
      Deliverables for Task 1:
      • Assessment Report including findings and recommendations
      • Presentation of findings to stakeholders

    Task 2: Guidance for Design and Architecture Enhancement

    • 2.1 Infrastructure Assessment
      • Evaluate the current infrastructure supporting the Splunk SIEM system.
      • Hands-on assessment of the current architecture, performance, and tuning of the current deployment.
      • Provide recommendations for scaling and optimizing infrastructure for high availability and performance.
    • 2.2 Data Architecture Design
      • Review the current data architecture and identify gaps.
      • Recommend a robust data architecture to support advanced monitoring, UEBA, ML, and SOAR.
    • 2.3 Advanced Monitoring and UEBA
      • Provide guidance on implementing advanced monitoring techniques.
      • Recommend best practices for integrating UEBA capabilities.
    • 2.4 Machine Learning Integration
      • Evaluate existing ML capabilities within Splunk.
      • Provide recommendations for integrating ML to enhance threat detection and response.
    • 2.5 SOAR Capabilities
      • Assess current SOAR capabilities.
      • Recommend enhancements to automate and orchestrate incident response processes.
    • 2.6 Implementation Roadmap
      • Develop a comprehensive roadmap for implementing the recommended design and architecture changes.
      • Provide detailed steps, timelines, and resource requirements for execution.
      Deliverables for Task 2:
      • Design and Architecture Enhancement Report
      • Implementation Roadmap
      • Presentation of recommendations to stakeholders

    5. Timeline

    The project is estimated to take approximately 16-24 weeks to complete. The timeline for each task is as follows:

    Task 1: Current Status and Health Assessment: 4-8 weeks

    Task 2: Guidance for Design and Architecture Enhancement: 12-16 weeks

    Consultant Responsibilities:

    • Conduct assessments and provide detailed reports and recommendations.
    • Present findings and recommendations to the client's stakeholders.