Splunk Administrator

Hybrid
Mid-level
🇵🇹 Portugal

Founded in 2015, BPCE Infogérance & Technologies is a subsidiary of Groupe BPCE, dedicated to Infrastructures, End-User Environment, Security and Production. Driven by growth, expertise, transformation and agility, this project embraces an international mindset and a diverse skill set. You’ll find yourself in a dynamic and enriching workplace or, as we like to name it, a real tech playground, where you’ll be able to explore a huge tech stack.

Team presentation:

SOC stands for Security Operations Center. Its main goal is to prevent, detect and respond to cybersecurity events.

The OTP Team is part of the SOC Department. OTP stands for “Tools, Transformation & Projects”. Our main goal is to support and improve the security tools used in our SOC activities.

The OTP Team handles:

  • Our Security Information & Event Management tool: Splunk
  • Our Security Incident and Response Platform tool: TheHive
  • Our Security Orchestration & Automation Response tool: n8n
  • Our Endpoint Detection and Response tool: Trellix HX
  • It is also responsible for maintaining a PRIS environment, a secure environment outside of the BPCE Group’s Information System that allows our experts to investigate and carry out forensic work.

The OTP Team also leads the following security projects:

  • Security log collection
  • Security use cases with Machine Learning and Deep Learning
  • Cloud security log collection and use cases (AWS, GCP and Azure)
  • Use cases with security automation

Missions:

  • Participate in the Operators' projects under the guidance of the Project Director and/or Project Manager of BPCE Managed Services and Technologies in the construction and production phases of application evolutions
  • Ensure the availability of technical resources
  • Analyze and correct incidents at levels 2 and 3
  • Actively participate in the production and software development processes in conjunction with Operators Editors and provide operational support to project teams
  • Implement technical solutions to resolve incidents. Perform diagnostics to identify causes of malfunction, propose and implement "back-up" fixes and solutions.
  • Maintain information system applications in operational condition for quality, productivity and security.
  • Analyze the operational risks and customer impacts of its area of responsibility
  • Ensure the management of environments (definition of needs, validation of development and acceptance environments, monitoring)
  • Ensure a role of advice, assistance, information, training and early warning in integration (definition of the components of the IS, steering of implementation and guaranteeing the required level of quality).
  • Participate in defining usability requirements in their area of responsibility and, where necessary, interface with experts in other areas and manage interactions with suppliers.
  • Define standards and rules for sound management of operating systems and systematically check their application (IT security, quality, etc.).
  • Contribute to the reliability, securing and optimisation of security in their area of responsibility
  • Offer innovative solutions to improve the performance of their area of activity
  • Ensure the right level of service quality in line with the requirements of service contracts (SLA) in their area of responsibility

Specificities for integration activities

  • Participate in the design and/or choice of solutions (or software package)
  • Participate in the production of information system evolutions
  • Establish operational preparation files, manufacture or evolve components, test them individually and ensure that the results comply with the technical specifications
  • Integrate the solution or the hardware and/or corrective maintenance into the reference system and ensure the availability of the components
  • Actively participate in the certification

In addition, for the Packaging activities

  • Install a set of components constituting the version, carry out the porting of the versions, assist the teams for the installation and production of the released versions, manage the repository of the platform (object reference and configuration)

In addition, for the approval activities

  • Ensure the approval of the various software, perform the acceptance, validation, installation and provision of components, and perform the technical tests and reception.
  • Perform delivery of the application (deliverables: documentation, components, etc.).

Specificities for support activities

  • Ensure that the IT working environment of users is maintained in operational condition by providing assistance, advice, information and training.
  • Actively contribute to continuous improvement by relaying the voice of users to competent technical teams.
  • Can contribute to the evolution of the IS by being involved in projects with an impact on the supported work environment.

Job Duties:

  • Work on advanced Splunk administration and development efforts, with the goal of enhancing and building out the Splunk infrastructure as it relates to system and technical application logs, troubleshooting, reporting, custom queries, dashboards, and security roles administration.
  • Support, maintain, and expand Splunk infrastructure in a highly resilient configuration
  • Standardize Splunk agent deployment, configuration and maintenance across a variety of platforms
  • Troubleshoot Splunk server and agent problems
  • Monitor the agent and server infrastructure for capacity planning and optimization
  • Automate processes and procedures where applicable
  • Research, design, evaluate, recommend and support major hardware and software enhancements
  • Design, code and maintain custom scripts to increase system efficiency and reduce the human intervention time on tasks

Requirements

Preferred Certifications:

  • Splunk Certified Admin
  • Splunk Certified Architect

Qualifications:

  • Master's degree or equivalent experience
  • Minimum of 3 years of experience with Splunk development/administration, installation, configuration, clustering, monitoring, query design, dashboard design
  • Experience with RedHat OS
  • Experience with scripting (Python, shell, etc.)

 

Natixis in Portugal

Natixis in Portugal is fully integrated in the global organization of Natixis, a French multinational financial services firm specialized in Asset & Wealth Management, Corporate & Investment Banking, Insurance and Payments.
