
detasad

L3 SIEM Admin


Job Description

JOB PURPOSE

To lead the administration, configuration, optimization, and advanced operations of the organization's SIEM platforms, primarily supporting Splunk SIEM, while also supporting environments that use other SIEM technologies such as QRadar and ArcSight; ensuring effective log ingestion, attack detection, threat analysis, incident investigation support, and continuous improvement of SOC monitoring capabilities; and coordinating across teams and supporting SIEM platform transition or migration activities when required.

KEY RESPONSIBILITIES

  • Administer, configure, maintain, and optimize enterprise SIEM platforms in production environments.
  • Perform SIEM architecture tuning, performance optimization, and capacity management.
  • Configure and maintain correlation rules, alerts, dashboards, and detection policies to support advanced threat detection.
  • Lead onboarding, parsing, normalization, and ingestion of logs from infrastructure, applications, endpoints, network, and cloud services.
  • Perform advanced log and attack analysis to support threat detection and SOC investigations.
  • Act as escalation point for complex incidents requiring deep log and platform analysis.
  • Support incident response activities by providing log intelligence and assisting investigation and forensic activities when required.
  • Troubleshoot SIEM platform issues and support operational problem resolution.
  • Coordinate investigations and operational activities across SOC, Incident Response, Vulnerability Management, Infrastructure, and application teams.
  • Develop automation scripts and integrations using scripting languages to improve SOC operational efficiency.
  • Support SIEM platform transition or migration initiatives including data source onboarding, validation, and detection use case alignment.
  • Ensure SIEM platform availability, scalability, and storage efficiency.
  • Maintain technical documentation, operational procedures, and configuration standards.
  • Support audit, compliance, and regulatory monitoring requirements through log analysis and reporting.


MINIMUM QUALIFICATIONS, EXPERIENCE, SKILLS, AND COMPETENCIES

Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, IT or related field.

Professional Certifications

  • Splunk Enterprise Certified Admin (Mandatory)
  • Splunk Enterprise Certified Architect
  • Splunk Enterprise Security Certified Admin
  • Splunk Cybersecurity Defense Analyst
  • CISSP, GCIH, GCIA, or equivalent GIAC certifications
  • GSEC or SOC-related certifications

Years of Experience

  • 5 to 7 years of experience in cybersecurity operations with at least 3+ years of hands-on experience administering Splunk SIEM platforms.

Nature of Experience

  • SOC operations and incident investigation experience
  • Enterprise SIEM operations in production environments
  • Coordination with infrastructure and security teams
  • Experience in regulated/compliance environments

Job Specific Skills

  • Log and attack analysis using Splunk, QRadar, or ArcSight
  • SIEM management and configuration for performance tuning and advanced threat detection
  • Troubleshooting, incident coordination, and collaboration with SOC teams
  • Threat analysis and incident response support using forensic investigation techniques
  • Scripting and programming knowledge (Python, Bash, PowerShell)
  • Log onboarding, parsing, and normalization
  • Correlation rule and detection use case development
  • Knowledge of threat detection frameworks such as MITRE ATT&CK
  • Experience handling network, endpoint, cloud, and application logs
  • Strong analytical and troubleshooting skills

Business Language Skills

  • English and/or Arabic language skills (written and spoken)


Job ID: 145812309