
L2 Security Analyst (Splunk & Google Technologies)

Description

We are seeking a highly skilled L2 Security Analyst to join our Security Operations Center (SOC) team, deployed at Ooredoo's headquarters in Doha. In this role, you will be a key player in defending against sophisticated cyber threats within a cutting-edge hybrid environment. You will serve as the primary technical escalation point for L1 analysts, leveraging your deep expertise in Splunk Enterprise Security and Google Cloud security technologies like Chronicle and Security Command Center. Your responsibilities will include advanced incident investigation, proactive threat hunting, and engineering robust detection mechanisms. This position is crucial for enhancing our operational resilience by improving detection logic, automating response actions, and ensuring rapid containment of security incidents. You will collaborate closely with various security teams to strengthen Ooredoo's overall security posture.

Requirements

1. Strong hands-on experience with Splunk Enterprise Security (ES), including creating advanced SPL queries and custom correlation searches.

2. Demonstrated expertise in Google Chronicle SIEM for threat hunting and Google Cloud Security Command Center (SCC) for incident analysis.

3. Proficiency with Endpoint Detection and Response (EDR) tools such as Trellix EDR and Microsoft Defender for Endpoint.

4. Solid understanding of network protocols, firewalls, IDS/IPS, endpoint logs, and authentication systems.

5. Proven ability to conduct root-cause analysis by correlating data from multiple security sources (SIEM, EDR, Cloud).

6. Experience in developing custom detection rules and use cases mapped to the MITRE ATT&CK framework.

7. Working knowledge of scripting languages like Python, PowerShell, or Bash for security automation and data manipulation.

8. Experience with BigQuery for analyzing large-scale security datasets.

Desirable

1. Professional certifications such as Splunk Certified Power User/Admin, Google Cloud Certified Security Engineer, GCIH, or CEH.

2. Bachelor’s degree in Computer Science, Information Security, or a related discipline.

3. Experience with Security Orchestration, Automation, and Response (SOAR) platforms, particularly Splunk Phantom.

4. Familiarity with compliance frameworks like ISO 27001, QCB, or NIA.

5. Previous experience in mentoring junior security analysts.

Getting Started

A few quick details so we know how to reach you

How did you hear about us? *

Which country's passport do you hold? *

Email *(Please ensure the email matches the one mentioned in your CV or resume)

LinkedIn Profile URL *

Please mention your notice period *

Let’s Get to Know You Better

A few short questions to understand your experience and what you enjoy doing

1. Do you have hands-on experience creating custom SPL correlation searches in Splunk Enterprise Security? *

2. Have you used Google Chronicle for proactive threat hunting in a professional SOC environment? *

3. Do you have experience developing or optimizing SOAR playbooks using tools like Splunk Phantom? *

4. Are you experienced in correlating data from multiple sources, including EDR, SIEM, and cloud logs, for incident analysis? *

5. Have you developed custom detection rules mapped to the MITRE ATT&CK framework? *

6. Do you have prior experience mentoring L1 security analysts? *

Final Details

Salary expectations and any supporting credentials

1. Where does your salary sit today (so we can help it move up tomorrow)? *

Enter your monthly salary in your local currency

2. What’s the number that’ll make you say "this is worth it"? *

Per month, in the currency mentioned

Upload Resume

Help us get to know you better by sharing your most recent resume