Contract Type: Full-time
Workplace type: On-site
Location: Riyadh

Job Description

About the Role

DXC Technology is seeking a Sr. Splunk Engineer to join their team in Riyadh. This is a full-time position focused on designing, implementing, and maintaining Splunk solutions to support security monitoring and operational needs.

Key Responsibilities

  • Design and implement end-to-end Splunk solutions, covering data ingestion, parsing, indexing, and search optimization.
  • Develop and maintain custom correlation rules, alerts, dashboards, and visualizations for security monitoring and incident response.
  • Onboard new log sources from infrastructure, security, application, and cloud systems using best practices (e.g., via UF, HF, syslog, APIs).
  • Perform regular health checks, performance tuning for indexers and search heads, monitor license usage, and manage configuration backups.
  • Support threat detection initiatives by translating security use cases into actionable Splunk queries and alerts.
  • Assist in troubleshooting ingestion failures, parsing errors, and inefficient searches.
  • Collaborate with SOC, threat intelligence, and infrastructure teams to ensure data relevance, completeness, and quality.
  • Maintain Splunk Enterprise Security (ES) configurations, including CIM compliance, notables, and risk-based alerting (RBA).
  • Implement and manage data retention policies and storage utilization in line with compliance requirements.
  • Automate tasks and processes using scripts (Python, Bash, PowerShell) and configuration management tools as needed.
  • Provide technical guidance and mentoring to junior Splunk engineers and analysts.

Required Experience and Skills

Candidates should possess a minimum of 5 years of hands-on experience in SIEM engineering, with at least 3 years specifically focused on Splunk Enterprise or Splunk Cloud. Proficiency in SPL (Search Processing Language), data onboarding, and CIM normalization is essential. Experience integrating diverse log sources, including firewalls, endpoints, cloud platforms (AWS, Azure), identity systems, and threat intelligence feeds, is required. A strong understanding of security operations, detection engineering, and incident response workflows is necessary. Familiarity with Splunk ES, UBA, ITSI, and SOAR is preferred but not mandatory. Experience with scripting and automation using Python, Bash, or PowerShell is also required. A good knowledge of networking, security protocols, and system administration (Windows/Linux) is expected. Exposure to regulatory and compliance requirements such as ISO 27001, NCA, SAMA, and PCI-DSS is beneficial.

Work Location and Type

This is a full-time position based in Riyadh, Saudi Arabia.


Requirements

  • Requires 5-10 years of experience
