img
Contract TypeSeasonal
Workplace typeOn-site
LocationRiyadh

Job Description

About the Role

Innovative Solutions SA, a leading cybersecurity company founded in 2003, is headquartered in Riyadh with offices across the GCC. Our mission is to empower organizations by delivering secure and intelligent digital services. We are currently seeking a Splunk SIEM Engineer to join our team in Riyadh on a contract basis. This role plays a vital part in providing hands-on support, administration, and continuous improvement of our Splunk environment, ensuring the reliability, performance, and effectiveness of security monitoring and operational use cases.

Key Tasks and Responsibilities

  • Implement comprehensive indexing and data ingestion activities, including the ingestion, parsing, and indexing of log sources to ensure accurate, consistent, and searchable data.
  • Identify and resolve data ingestion issues such as parsing errors, timestamp extraction problems, event breaking, line breaking, and truncation to maintain data integrity.
  • Monitor Splunk system performance and optimize queries, dashboards, indexing configurations, and data retention policies to meet defined Service Level Agreements (SLAs).
  • Review the existing Splunk architecture and indexing capacity, providing recommendations for improving scalability, reliability, and cost-efficiency.
  • Design, configure, and maintain alerts, correlated searches, dashboards, and reports based on operational and user-specific requirements.
  • Diagnose system issues and outages, perform thorough root cause analysis, implement corrective actions, and conduct post-incident verification.
  • Ensure the Splunk environment complies with security best practices and applicable compliance requirements, including robust access controls and auditing.
  • Maintain up-to-date technical documentation, runbooks, and user guides for the Splunk environment.
  • Provide knowledge transfer sessions to operations and engineering teams to enhance their understanding and utilization of Splunk.
  • Maintain a comprehensive inventory of Splunk content, including dashboards, saved searches, alerts, correlated searches, lookup tables, macros, knowledge objects, and use cases, categorizing them by owner, business function, frequency of use, and last modified date.
  • Provide comprehensive SIEM capabilities, including detection, alerting, and response to security threats and operational risks.
  • Develop and maintain detection logic, identify required data sources, define alert severity and thresholds, create dashboards, and develop runbooks/playbooks with acceptance criteria compliant with SLAs.
  • Review connected data sources to assess data quality and completeness, reporting findings with integration readiness recommendations.
  • Provide a Splunk maturity roadmap aligned with the organization's current maturity level.
  • Assess log quality for high-volume data sources and recommend source optimizations to increase value and reduce cost.
  • Review existing Splunk content and recommend consolidation, optimization, or creation of new use cases to enhance effectiveness.
  • Provide hands-on operational support and assist in removing technical or operational blockers for the team.
  • Develop standardized workflows and guidelines for building, validating, and operationalizing new Splunk use cases.

Qualifications and Requirements

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 3-5 years of experience in Splunk administration, engineering, or SIEM operations.
  • Strong understanding of Splunk architecture and data flow concepts.
  • Solid knowledge of security operations and SIEM principles.
  • Ability to analyze system performance and identify optimization opportunities.
  • Strong analytical and problem-solving skills to diagnose system and data issues.
  • Good understanding of security best practices and compliance concepts.
  • Ability to work with technical documentation and structured operational processes.
  • Strong communication skills for effective coordination with technical and operational teams.
  • Familiarity with AI tools and techniques.

Core Skills

  • Splunk
  • SIEM
  • Security Monitoring
  • Data Ingestion
  • Log Analysis
  • System Performance Monitoring
  • Query Optimization
  • Dashboard Development
  • Alerting
  • Correlated Searches
  • Root Cause Analysis
  • Security Best Practices
  • Compliance Requirements
  • Technical Documentation
  • Knowledge Transfer
  • Detection Logic Development
  • Data Quality Assessment
  • Problem Solving
  • Communication
  • AI Tools and Techniques

Work Environment and Location

This role is based in Riyadh, Saudi Arabia, and is a contract position. The role requires 2-5 years of experience.


Requirements

  • Requires 2-5 Years experience

Similar Jobs