Sr. IT Security Engineer (SIEM, NDR )
Total-TECH Co.
Riyadh, Saudi Arabia
AED 7,000-18,000/mo (≈ SAR 7.1K-18.4K/mo)
Posted: Today
Saudi Arabia | IT & Technology | Full Time
Skills Required
Erp
Job Description

Responsibilities:
- Design, deploy, and maintain Splunk Enterprise and Splunk ES (Enterprise Security) for advanced security analytics.
- Develop and optimize Splunk dashboards, alerts, correlation searches, and threat intelligence integrations.
- Manage Splunk data ingestion pipelines, including log parsing, normalization, and enrichment.
- Integrate and analyze NDR solutions such as Darktrace, ExtraHop, Vectra AI, or Corelight with Splunk.
- Develop custom detections and alerts based on network anomalies, behavioral analysis, and threat intelligence.
- Correlate NDR telemetry with SIEM logs to detect advanced network-based attacks (e.g., lateral movement, C2 traffic).
- Deploy and manage deception technologies such as Illusive Networks, TrapX, Fidelis Deception, or Attivo Networks.
- Integrate honeypots, decoy systems, and fake credentials to lure and detect adversaries.
- Create and fine-tune custom deception campaigns to simulate real-world attack scenarios.
- Automate deception-related alerts and incident response workflows within Splunk ES and SOAR.
- Design correlation rules, SIEM-based threat models, and security detections aligned with MITRE ATT&CK.
- Collaborate with SOC teams to enhance incident detection and response capabilities.
- Conduct log management audits, forensic investigations, and security assessments.
- Document Splunk configurations, runbooks, and security procedures.

Requirements:
- 5+ years of experience as a Splunk Engineer, SIEM Engineer, or Security Operations Engineer.
- Expertise in Splunk ES, Splunk SOAR, and Splunk Search Processing Language (SPL).
- Hands-on experience with Network Detection & Response (NDR) platforms such as Darktrace, ExtraHop, Vectra AI, or Corelight.
- Experience with security deception tools such as Attivo Networks, Illusive Networks, or Fidelis Deception.
- Strong understanding of network security, log analysis, and SIEM threat detection methodologies.
- Splunk Certified Architect or Splunk Enterprise Security Certified Admin.
- Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Security, or a related field (or equivalent experience).