Sr. IT Security Engineer (SIEM, NDR)
Total-TECH Co.
Riyadh, Saudi Arabia | AED 7,000-18,000/mo ≈ SAR 7.1K-18.4K/mo | Today
Saudi Arabia | IT & Technology | Full Time
Skills Required
ERP
Job Description
- Design, deploy, and maintain Splunk Enterprise and Splunk ES (Enterprise Security) for advanced security analytics.
- Develop and optimize Splunk dashboards, alerts, correlation searches, and threat intelligence integrations.
- Manage Splunk data ingestion pipelines, including log parsing, normalization, and enrichment.
- Integrate and analyze NDR solutions such as Darktrace, ExtraHop, Vectra AI, or Corelight with Splunk.
- Develop custom detections and alerts based on network anomalies, behavioral analysis, and threat intelligence.
- Correlate NDR telemetry with SIEM logs to detect advanced network-based attacks (e.g., lateral movement, C2 traffic).
- Deploy and manage deception technologies such as Illusive Networks, TrapX, Fidelis Deception, or Attivo Networks.
- Integrate honeypots, decoy systems, and fake credentials to lure and detect adversaries.
- Create and fine-tune custom deception campaigns to simulate real-world attack scenarios.
- Automate deception-related alerts and incident response workflows within Splunk ES & SOAR.
- Design correlation rules, SIEM-based threat models, and security detections aligned with MITRE ATT&CK.
- Collaborate with SOC teams to enhance incident detection and response capabilities.
- Conduct log management audits, forensic investigations, and security assessments.
- Document Splunk configurations, runbooks, and security procedures.

Requirements:

- 5+ years of experience as a Splunk Engineer, SIEM Engineer, or Security Operations Engineer.
- Expertise in Splunk ES, Splunk SOAR, and Splunk Search Processing Language (SPL).
- Hands-on experience with Network Detection & Response (NDR) platforms like Darktrace, ExtraHop, Vectra AI, or Corelight.
- Experience with security deception tools such as Attivo Networks, Illusive Networks, or Fidelis Deception.
- Strong understanding of network security, log analysis, and SIEM threat detection methodologies.
- Splunk Certified Architect or Splunk Enterprise Security Certified Admin.
- Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Security, or a related field (or equivalent experience).