Splunk Operations Lead
Visible Stars, Inc.
Riyadh, Saudi Arabia | SAR 3,800-9,500/mo | Yesterday
Saudi Arabia | IT & Technology | Full Time
Skills Required
ERP
Job Description
Overview

Expertise: Splunk Enterprise Certified Architect, minimum 7–10 years in Splunk enterprise deployments.

Responsibilities:
- Lead daily Splunk operations and ensure SLA adherence.
- Perform infrastructure management and health checks.
- Oversee scaling advisement and expansion readiness.
- Act as the main point of contact for the Bank's internal teams.
- Organize support for major incident response efforts.

Job qualifications

- Daily health checks and monitoring of Splunk infrastructure performance (indexers, search heads, deployment servers, cluster masters, etc.).
- Indexer and search head cluster management (including failover and scaling).
- Splunk upgrades, patch management, and hotfix applications.
- License usage monitoring and optimization.
- Onboarding of new data sources, including parsing, field extractions, and CIM (Common Information Model) compliance.
- Use Case Lifecycle Management (Development, Tuning, Optimization):
  - Work with stakeholders to identify security monitoring use cases.
  - Develop new detection rules, correlation searches, dashboards, and alerts.
  - Fine-tune existing use cases to reduce false positives and improve detection accuracy.
  - Align all use cases with threat intelligence (MITRE ATT&CK, local TTPs, sectoral threats).
  - Map use cases to regulatory frameworks (SAMA CSF, NCA ECC/CCC, PCI DSS).
  - Develop use cases based on frameworks such as MITRE ATT&CK and OWASP.
  - Map use cases for InfoSec tools and security technologies, and cover additional InfoSec tool integrations with Splunk.
- Creation and maintenance of dashboards (supporting threat hunting, data sources coverage, critical assets coverage and endpoint security control coverage), alerts, reports, and correlation searches.
- Splunk apps and add-on installation, application onboarding, configuration, and lifecycle management.
- Splunk optimization by troubleshooting ingestion delays, parsing errors, and search performance issues.
- Storage capacity management and archiving strategies.
- Implementing and maintaining Role-Based Access Control (RBAC).
- Support for compliance, audit, and regulatory reporting requirements.
- Incident response support by ensuring Splunk visibility for detection and investigation.
- Documentation of processes, configurations, and knowledge transfer.
- Continuous monitoring for regulatory compliance.

Specialized Reviews & Advisory Services

The Bank requires the use of Splunk services to perform assessments and optimizations, specifically:
- Post-Implementation Review
- Data Model Review
- Data Source Review
- Security Integrations & Monitoring Review
- Scaling Advisement & Expansion Readiness Assessment
- Advanced use case management
- Quarterly review of SIEM Architecture & Security Posture
- Evaluation of existing detection rules
- Bi-Annual review for planning of SIEM evolution and enhancement