L3 SIEM Admin

Job Purpose

Key Responsibilities

• Administer, configure, maintain, and optimize enterprise SIEM platforms in production environments.
• Perform SIEM architecture tuning, performance optimization, and capacity management.
• Configure and maintain correlation rules, alerts, dashboards, and detection policies to support advanced threat detection.
• Lead onboarding, parsing, normalization, and ingestion of logs from infrastructure, applications, endpoints, network, and cloud services.
• Perform advanced log and attack analysis to support threat detection and SOC investigations.
• Act as escalation point for complex incidents requiring deep log and platform analysis.
• Support incident response activities by providing log intelligence and assisting investigation and forensic activities when required.
• Troubleshoot SIEM platform issues and support operational problem resolution.
• Coordinate investigations and operational activities across SOC, Incident Response, Vulnerability Management, Infrastructure, and application teams.
• Develop automation scripts and integrations using scripting languages to improve SOC operational efficiency.
• Support SIEM platform transition or migration initiatives including data source onboarding, validation, and detection use case alignment.
• Ensure SIEM platform availability, scalability, and storage efficiency.
• Maintain technical documentation, operational procedures, and configuration standards.
• Support audit, compliance, and regulatory monitoring requirements through log analysis and reporting

Qualifications

• Bachelor’s degree in Cybersecurity, Computer Science, IT or related field.

• Splunk Cybersecurity Defense Analyst

• CISSP, GCIH, GCIA, or equivalent GIAC certifications
• GSEC or SOC-related certifications
• Years of Experience
• 5 to 7 years of experience in cybersecurity operations with at least 3+ years of hands-on experience administering Splunk SIEM platforms.
• Nature of

Experience

• SOC operations and incident investigation experience
• Enterprise SIEM operations in production environments
• Coordination with infrastructure and security teams
• Experience in regulated/compliance environments

Skills

• Log and attack analysis using Splunk, QRadar, or ArcSight
• SIEM management and configuration for performance tuning and advanced threat detection
• Troubleshooting, incident coordination, and collaboration with SOC teams
• Threat analysis and incident response support using forensic investigation techniques
• Scripting and programming knowledge (Python, Bash, PowerShell)
• Log onboarding, parsing, and normalization
• Correlation rule and detection use case development
• Knowledge of threat detection frameworks such as MITRE ATT&CK
• Experience handling network, endpoint, cloud, and application logs
• Strong analytical and troubleshooting skills

Skills

• English and/or Arabic language skills (written and spoken)