
SIEM Administrator Splunk

Description

We are seeking an experienced SIEM Administrator to manage the full lifecycle of our Splunk Enterprise Security (ES) platform. In this role, you will be responsible for the deployment, configuration, and maintenance of a robust Splunk architecture, ensuring comprehensive security visibility across our hybrid infrastructure. You will onboard diverse log sources, create and fine-tune correlation searches mapped to the MITRE ATT&CK framework, and build real-time dashboards for threat detection. The ideal candidate will excel at system optimization, performance tuning, and troubleshooting. A key part of your role will be to drive automation by integrating Splunk with SOAR platforms and developing scripts to enhance SOC efficiency. You will also be responsible for generating compliance reports and supporting audit requirements, collaborating closely with SOC analysts to strengthen our security posture.

Requirements

1. 7–8 years of hands-on experience in Splunk Enterprise Security (ES) administration.

2. Proven expertise in deploying and maintaining Splunk components including Search Heads, Indexers, and Forwarders.

3. Advanced proficiency in Splunk Processing Language (SPL) for complex query development, dashboard creation, and alerting.

4. Demonstrated experience in onboarding, parsing, and normalizing diverse log sources (e.g., network, firewall, endpoint, cloud).

5. In-depth knowledge of the MITRE ATT&CK framework and experience applying it to create high-fidelity detections.

6. Strong understanding of Unix/Linux operating systems, networking protocols, and security principles.

7. Experience with Splunk performance tuning, index optimization, and license management.

8. Must hold a current Splunk Certified Administrator, Architect, or Power User certification.

Desirable

1. Experience integrating Splunk with SOAR platforms, particularly Splunk SOAR (Phantom).

2. Familiarity with compliance and audit reporting for frameworks like ISO 27001, QCB, or NIA.

3. Professional security certifications such as Security+, CEH, or GCIH.

4. Experience configuring Splunk SmartStore and data-tiering for cost and retention optimization.

5. Skills in scripting languages (e.g., Python, Bash) for automation.

Role Highlights

📍 Location

Doha

💼 Work Location Type

Onsite

📈 Job Level

Senior

Getting Started

A few quick details so we know how to reach you

How did you hear about us? *

Which country's passport do you hold? *

Email * (Please ensure the email matches the one mentioned in your CV or resume)

LinkedIn Profile URL *

Please mention your notice period *

Let’s Get to Know You Better

A few short questions to understand your experience and what you enjoy doing

1. Do you have at least 7 years of hands-on experience administering a Splunk Enterprise Security environment? *

2. Have you developed and tuned custom correlation searches in Splunk and mapped them to the MITRE ATT&CK framework? *

3. Are you experienced with onboarding and normalizing log data from various sources like firewalls, endpoints, and applications? *

4. Does your experience include Splunk platform optimization, such as index management and performance tuning? *

5. Have you integrated Splunk with a SOAR platform like Phantom to automate security responses? *

6. Do you currently hold an active Splunk Certified Administrator, Architect, or Power User certification? *

Final Details

Salary expectations and any supporting credentials

1. Where does your salary sit today (so we can help it move up tomorrow)? *

Enter your monthly salary in your local currency

2. What’s the number that’ll make you say "this is worth it"? *

Per month, in the currency mentioned

Upload Resume

Help us get to know you better by sharing your most recent resume