Employment: Full Time
Description
This role is for a senior SIEM admin with extensive experience to join the already established Splunk admin team and expand its capabilities.
Specific Responsibilities and Skills required:
• Ability to effectively document solution deployments and train colleagues
• Responsible for verifying and implementing the detailed technical design solution to the problem as identified by the Project/Technical Manager.
• Coordinates implementation of new installations, designs, and migrations for technology solutions in the SOC domain.
• Provides advanced technical consulting and advice to others on solution design, system management, tuning and modification of solutions.
• Engages in technical problem solving across multiple technologies; often needs to develop new methods to apply to the situation.
• Owns and manages knowledge sharing within a community (e.g., team or project). Contributes significant knowledge to job family community.
• Proactively encourages membership and contributions of others to professional community and coaches others in area of expertise.
• Strong verbal and written communication skills. Must be able to communicate with a wide variety of audiences, both business and technical.
• SIEM & Splunk admin specific:
• Build and optimize a large-scale Splunk infrastructure (clustered)
• Administering Splunk and Splunk Apps to include developing new or extending existing Apps to perform specialized functionality
• Design and implement solutions to address business problems understanding the Splunk architecture requirements for scalability, security, and performance
• Implementing and administering Splunk – must understand how to install and upgrade Splunk Enterprise Clustered environments
• Manage Splunk Users accounts
• Build and maintain Splunk components (indexer, forwarder, search head)
• Data onboarding expertise. Integration with out-of-the-box and custom data sources (e.g. develop custom Splunk TAs)
• Integrate Splunk best practices (apps, add-ons, searches, etc.)
• Experience with tools such as Linux, syslog-ng/rsyslog
• Create/Modify data retention policies
• Familiar with server monitoring tools
• Securing Splunk Enterprise
• Splunk Enterprise Security (ES):
• Implement and configure Splunk ES
• CIM Data Modelling experience
• Ability to implement and fine-tune security content for the SOC team
• Ability to create custom content: correlation searches, dashboards, reports, etc.
• Ability to upgrade ES
• College degree in Computer Science or a related field plus 5 years' experience
• Expert knowledge of SIEM installation, configuration, troubleshooting and design. In particular using Splunk Core + Enterprise Security.
• Broad security knowledge and experience. Understanding of security frameworks and standards such as MITRE ATT&CK, CIS, NIST-CSF and/or other relevant security-related regulations.
Required Certifications:
• Splunk Core Certified Consultant or Splunk Architect certified (or similar)
• Security Industry certifications such as SANS GMON or CISSP (or similar)
• Experienced in the SOC domain – demonstrates ability to create security content
• Scripting Skills and Regular Expressions Knowledge
• Fluent English language skills
Saudi Networkers is one of the largest consultancies providing services to the ICT, Oil & Energy, Technology, Engineering, Banking, Finance and Healthcare sectors across the Middle East & Africa, covered by teams specialized in their assigned industry sector.
Saudi Networkers was founded in 2001 and has excelled ever since in providing cost-effective solutions to the biggest multinational companies in the MEA region with very high standards of quality, whilst adhering to business ethics and meeting our clients' expectations.
Today, SNS Group is one of the leading consultancies, with more than 1,700 employees worldwide, ISO 9001:2008 certified and highly regarded.
Source: Job Posting - gulftalent.com