A Summary of the Role & Responsibilities:
• We are seeking a skilled and proactive Splunk Engineer to lead, manage and enhance SOC operations for a UAE-based client.
• You’ll play a critical role in ensuring the effectiveness of our Splunk SIEM-based SOC: enhancing use cases and playbooks, addressing incident management gaps, and working with the Security Manager to improve threat detection, risk scoring and case response.
• Reporting to the Security Manager [Senior Consultant], you will collaborate closely with a remote SOC team in India to meet client requirements and improve overall SOC performance and effectiveness.

Detailed JD & Requirements:
Job Description: Splunk Engineer - L2 & L3
Location: Remote (India)
Type: Full-Time

Key Responsibilities
(A) Splunk Engineering
• Develop, optimize, and maintain Splunk use cases, dashboards, alerts, and reports to enhance SOC capabilities.
• Design and implement effective Splunk playbooks for incident detection, response, and escalation.
• Conduct regular health checks and performance tuning of Splunk environments.
• Coordinate weekly with the Security Manager (Sr. Consultant): report and take direction, participate in meetings with the client IT teams and stakeholders alongside the Security Manager, and act on the directions provided to enhance SOC outcomes and objectives following a risk-based approach.

(B) Security Use Case Development
• Develop and fine-tune correlation rules, alarms, and dashboards for advanced threat detection.
• Identify gaps in existing use cases and recommend improvements (L2 & L3).

(C) Incident Management
• Identify gaps in current SOC operations and implement corrective actions.
• Provide hands-on support for advanced incident analysis and forensic investigations.
• Ensure consistent and accurate incident reporting to stakeholders.

(D) Client Engagement
• Act as the primary point of contact for client escalations related to SOC operations.
• Collaborate with the Security Manager to align SOC deliverables with client expectations.
• Participate in regular client meetings to report on SOC performance and improvements.

Required Skills and Experience
• 5+ years of experience in Splunk Admin operations, including at least 3 years as a Splunk Engineer or equivalent role.
• Proficiency in Splunk Enterprise Security, including developing and maintaining use cases, dashboards, and playbooks.
• Strong understanding of SIEM concepts, architecture, best practices.
• Proficiency in scripting, automation and query languages (Regex, SQL, Python, Bash etc.).
• Familiarity with Windows, Linux, & network device log formats.
• Basic knowledge of security frameworks such as NIST, ISO 27001, or MITRE ATT&CK.
• Proven experience in incident management and threat analysis.
• Hands-on expertise in security monitoring, log analysis, threat hunting.
• Knowledge of network security, endpoint security, and cloud security concepts and architecture.
• Soft skills: strong communication and client management skills, a good troubleshooting and problem-solving attitude, and the ability to work under pressure and manage multiple priorities.
• Familiarity with UAE regulatory frameworks & compliance requirements (optional; e.g. UAE IAR).

Preferred Qualifications & Certifications
• Education: Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
• Splunk certifications (e.g., Splunk Certified Admin, Splunk Certified Power User, Splunk Certified Architect).
• Other cybersecurity certifications will be an added advantage, e.g. CEH, Application Security, OWASP Top 10, ISO 27001, CSA (Certified SOC Analyst), Certified Incident Handler (CIH).