100% Remote - Splunk Engineer - Contract

Experienced Recruiting Partners

Location: All cities, AK, USA

Date: 2024-06-29T06:51:54Z

Job Description:
100% Remote
Contract role: 10 to 15 hours per week
Length: 4-6 months
Overview:
  • Assessment: Evaluate the status and health of the Splunk SIEM system.
  • Design and Architecture Guidance: Provide comprehensive recommendations to enhance the system's design and architecture for advanced capabilities.
The scope includes two primary tasks:
  • Current Status and Health Assessment of Splunk SIEM
  • Guidance for Design and Architecture Enhancement
Responsibilities:
  • Task 1: Current Status and Health Assessment of Splunk SIEM
    • 1.1 Review System Configuration
      • Evaluate the current configuration of the Splunk SIEM system.
      • Identify any misconfigurations or optimization opportunities.
      • Assist in tuning and configuration of the system.
    • 1.2 Performance Analysis
      • Conduct performance analysis to assess system load, indexing, and search performance.
      • Identify bottlenecks and provide recommendations for performance improvements.
    • 1.3 Data Quality and Coverage Assessment
      • Review data sources and data quality.
      • Ensure comprehensive coverage of security-relevant data sources.
    • 1.4 Security Posture Review
      • Assess the security posture of the Splunk SIEM system.
      • Identify gaps and vulnerabilities within the SIEM configuration and data ingestion.
    • 1.5 Reporting and Documentation
      • Provide a detailed report outlining findings, identified issues, and recommendations for improvements.
      • Conduct a presentation of findings to key stakeholders.
      Deliverables for Task 1:
      • Assessment Report including findings and recommendations
      • Presentation of findings to stakeholders
  • Task 2: Guidance for Design and Architecture Enhancement
    • 2.1 Infrastructure Assessment
      • Evaluate the current infrastructure supporting the Splunk SIEM system.
      • Conduct a hands-on assessment of the architecture, performance, and tuning of the current deployment.
      • Provide recommendations for scaling and optimizing the infrastructure for high availability and performance.
    • 2.2 Data Architecture Design
      • Review the current data architecture and identify gaps.
      • Recommend a robust data architecture to support advanced monitoring, UEBA, ML, and SOAR.
    • 2.3 Advanced Monitoring and UEBA
      • Provide guidance on implementing advanced monitoring techniques.
      • Recommend best practices for integrating UEBA capabilities.
    • 2.4 Machine Learning Integration
      • Evaluate existing ML capabilities within Splunk.
      • Provide recommendations for integrating ML to enhance threat detection and response.
    • 2.5 SOAR Capabilities
      • Assess current SOAR capabilities.
      • Recommend enhancements to automate and orchestrate incident response processes.
    • 2.6 Implementation Roadmap
      • Develop a comprehensive roadmap for implementing the recommended design and architecture changes.
      • Provide detailed steps, timelines, and resource requirements for execution.
      Deliverables for Task 2:
      • Design and Architecture Enhancement Report
      • Implementation Roadmap
      • Presentation of recommendations to stakeholders
Timeline:
The project is estimated to take approximately 16-24 weeks to complete. The timeline for each task is as follows:
  • Task 1: Current Status and Health Assessment: 4-8 weeks
  • Task 2: Guidance for Design and Architecture Enhancement: 12-16 weeks
Consultant Responsibilities:
  • Conduct assessments and provide detailed reports and recommendations.
  • Present findings and recommendations to the client's stakeholders.