Splunk Phantom Consultant M19

Job Title: Splunk Phantom Consultant M19
Contract Type: Contract
Location: Melbourne, Victoria
Salary: Negotiable
Start Date: ASAP
Reference: CR/006277_1627628416
Contact Name: Vinthosh Sadhai
Contact Email:
Job Published: July 30, 2021 17:00

Job Description

Splunk Phantom Consultant - M19

Currently seeking some expertise in the Splunk Phantom skillset

  • Long Term Program of Work
  • Remotely Work From Home

FinXL IT Professional Services is a leading IT services organisation providing a broad range of solutions to assist large Australian enterprises and Government departments to deliver IT projects.

At present, an outstanding opportunity exists for a Splunk Consultant with Phantom expertise to join our team of highly-credentialed project delivery consultants working with Australia's largest telecommunications and technology company.

The resource will be predominantly working in the Security space performing work within Splunk ES and Administering Splunk Phantom, note that they must have the following as the role requires the resource to be creating Phantom Playbooks for Splunk ES:

  • Splunk Enterprise Security Certified Admin
  • Splunk Phantom Certified Admin

The Scope of Work includes:

Automate the client's security incident systems to reduce Mean Time To Resolve (MTTR) security incidents. Security incident staff have more incidents than can be handled effectively, requiring investment in automation to improve the incident response times and the number of total incident per day throughput.

This resource will assist by:

  • Automated ticket handling so that more tickets are processed automatically, avoiding the need for handling by incident response staff.
  • Automation of manual tasks including raising ITAM tickets, and notifying system owners of denial of service incidents, reducing manual workload by 15 minutes per ticket requiring these actions.
  • Enrichment of incident tickets so that incident responders have more information already populated in each ticket, reducing the need to log in to other systems as part of their workflow.