100% Remote
Contract role
10 to 15 hours per week
Length: 4-6 months
Overview:
The scope includes two primary tasks:
Responsibilities:
Task 1: Current Status and Health Assessment of Splunk SIEM
Task 2: Guidance for Design and Architecture Enhancement
2.1 Infrastructure Assessment
Evaluate the current infrastructure supporting the Splunk SIEM system.
Hands-on assessment of the architecture, performance, and tuning of the current deployment.
Provide recommendations for scaling and optimizing infrastructure for high availability and performance.
2.2 Data Architecture Design
Review current data architecture and identify gaps.
Recommend a robust data architecture to support advanced monitoring, UEBA, ML, and SOAR.
2.3 Advanced Monitoring and UEBA
Provide guidance on implementing advanced monitoring techniques.
Recommend best practices for integrating UEBA capabilities.
2.4 Machine Learning Integration
Evaluate existing ML capabilities within Splunk.
Provide recommendations for integrating ML to enhance threat detection and response.
2.5 SOAR Capabilities
Assess current SOAR capabilities.
Recommend enhancements to automate and orchestrate incident response processes.
2.6 Implementation Roadmap
Develop a comprehensive roadmap for implementing the recommended design and architecture changes.
Provide detailed steps, timelines, and resource requirements for execution.
Deliverables for Task 2:
Design and Architecture Enhancement Report
Implementation Roadmap
Presentation of recommendations to stakeholders
5. Timeline
The project is estimated to take approximately 16-24 weeks to complete. The timeline for each task is as follows:
Task 1: Current Status and Health Assessment: 4-8 weeks
Task 2: Guidance for Design and Architecture Enhancement: 12-16 weeks
Consultant Responsibilities:
Conduct assessments and provide detailed reports and recommendations.
Present findings and recommendations to the client's stakeholders.