Ref: LP085-1501

Job description / Role

Employment: Full Time

Description
This role is for a senior SIEM admin with extensive experience to join the established Splunk admin team and expand its capabilities.

Specific Responsibilities and Skills required:
• Ability to effectively document solution deployments and train colleagues
• Responsible for verifying and implementing the detailed technical design solution to the problem as identified by the Project/Technical Manager.
• Coordinates implementation of new installations, designs, and migrations for technology solutions in the SOC domain.
• Provides advanced technical consulting and advice to others on solution design, system management, tuning and modification of solutions.
• Engages in technical problem solving across multiple technologies; often needs to develop new methods to apply to the situation.
• Owns and manages knowledge sharing within a community (e.g., team or project). Contributes significant knowledge to job family community.
• Proactively encourages membership and contributions of others to professional community and coaches others in area of expertise.
• Strong verbal and written communication skills. Must be able to communicate with a wide variety of audiences, both business and technical.
• SIEM & Splunk admin specific:
• Build and optimize a large-scale Splunk infrastructure (clustered)
• Administering Splunk and Splunk Apps to include developing new or extending existing Apps to perform specialized functionality
• Design and implement solutions to address business problems understanding the Splunk architecture requirements for scalability, security, and performance
• Implementing and administering Splunk - must understand how to install and upgrade Splunk Enterprise Clustered environments
• Manage Splunk user accounts
• Build and maintain Splunk components (indexer, forwarder, search head)
• Data onboarding expertise. Integration with out-of-the-box and custom data sources (e.g. develop custom Splunk TAs)
• Integrate Splunk best practices (apps, add-ons, searches, etc.)
• Experience with tools such as Linux, syslog-ng/rsyslog
• Create/Modify data retention policies
• Familiar with server monitoring tools
• Securing Splunk Enterprise
• Splunk Enterprise Security (ES):
• Implement and configure Splunk ES
• CIM Data Modelling experience
• Ability to implement and fine tune security content for the SOC team
• Ability to create custom content: correlation searches, Dashboards, Reports, etc.
• Ability to upgrade ES

Requirements

• College degree in Computer Science or related field, plus 5 years' experience
• Expert knowledge of SIEM installation, configuration, troubleshooting and design. In particular using Splunk Core + Enterprise Security.
• Broad security knowledge and experience. Understanding of security frameworks and standards such as MITRE ATT&CK, CIS, NIST-CSF and/or other relevant security-related regulations.

Required Certifications:
• Splunk Core Certified Consultant or Splunk Architect certified (or similar)
• Security Industry certifications such as SANS GMON or CISSP (or similar)
• Experienced in the SOC domain – demonstrates ability to create security content
• Scripting Skills and Regular Expressions Knowledge
• Fluent English language skills

About the Company

Saudi Networkers Services was incorporated in 2001 with the aim of providing world-class business and consulting services through a combination of market insight, technical excellence and unrivalled agile methodology.

Our success stems from building strong relationships and trusted partners, which has enabled us to deliver exceptional services to the public sector, as well as some of the world's leading organizations, in Telecommunication, Information Technology, Cyber Security, Banking, Energy, Utilities and various other industry arenas.

We collaborate closely and ideate on how the work gets done, working alongside businesses to collaborate on growth and applying breakthrough innovations that drive exponential impact, managed by teams specialized in their assigned industry sectors.
