Job Type
Full-time
Work Type
On-Site
Location
Riyadh, Saudi Arabia
Experience
3 - 8 years
- Design, implement, and maintain Splunk SIEM infrastructure, including forwarders, indexers, search heads, and cluster management.
- Design Splunk Enterprise Security (ES) deployments with multi-tenancy, high availability, data tiering, and long-term storage optimization.
- Create architectural blueprints and roadmaps for log onboarding, data normalization, and use case development across diverse environments.
- Define and enforce log onboarding standards, parsing logic, Common Information Model (CIM) compliance, and data model configurations.
- Design scalable security use cases, correlation rules, risk-based alerting, and detection logic aligned with frameworks like MITRE ATT&CK, NIST, or CIS.
- Develop, maintain, and fine-tune SPL queries, correlation rules, notable events, and security use cases.
- Monitor, troubleshoot, and optimize SIEM performance, storage usage, and data retention policies.
- Support SOC analysts and threat hunters with investigation-ready dashboards and custom threat detection rules.
- Integrate threat intelligence feeds, security appliances (EDR, firewalls, vulnerability scanners), cloud logs, and third-party platforms into the Splunk ecosystem, including API-based integrations, and oversee the resulting data sources.
- Collaborate with compliance and GRC teams to provide audit-ready reports, incident metrics, and compliance evidence.
- Maintain security and access controls within Splunk to meet governance requirements.
- Train junior analysts on SPL, dashboards, alerts, and investigative methods.