
Splunk Security Infrastructure Engineer for Qatar

Adheya technologies
Doha, QAT
4 days ago

Full Job Posting

Overview

We are looking for a Splunk Security Infrastructure Engineer for the Qatar location.

If you are available, please send your CV immediately.

Platform Administration & Operations

  • Install, configure, and maintain Splunk Enterprise / Splunk Cloud deployments, including indexers, search heads, forwarders, and cluster managers.
  • Manage Splunk licensing, capacity planning, and storage tiering to align with data retention policies.
  • Perform routine health checks, patching, and version upgrades to maintain system stability and security.
  • Configure and administer Splunk clustering (Search Head Clusters, Indexer Clusters) to ensure high availability and disaster recovery.
  • Monitor platform performance metrics such as indexing throughput, search concurrency, and disk utilization, and implement tuning measures proactively.

Data Onboarding & Normalization

  • Architect and manage data ingestion pipelines from diverse sources including firewalls, endpoints, cloud platforms (AWS, Azure, GCP), Active Directory, and SaaS applications.
  • Deploy and manage Universal Forwarders and Heavy Forwarders across on-premise and cloud environments.
  • Develop and maintain custom Technology Add-ons (TAs) and props/transforms to normalize log data to the Splunk Common Information Model (CIM).
  • Validate data quality and completeness — monitoring for indexing gaps, latency, and data drops.
  • Integrate Splunk with REST APIs and syslog receivers to ingest telemetry from non-standard sources.

Detection Content & Search Development

  • Author, tune, and maintain correlation searches and scheduled alerts using Splunk Processing Language (SPL) to detect threats aligned to MITRE ATT&CK.
  • Build and maintain Splunk Enterprise Security (ES) Notable Events, risk scores, and threat object frameworks.
  • Develop and manage dashboards, reports, and visualizations for SOC analysts, management, and executive stakeholders.
  • Collaborate with the threat intelligence team to integrate IOC feeds and threat lists into detection logic.

SOAR & Automation Engineering

  • Design and implement automated playbooks using Splunk SOAR (formerly Phantom) to orchestrate incident response workflows.
  • Build and maintain API connectors between Splunk SOAR and third-party tools such as EDR platforms, ticketing systems, firewalls, and IAM solutions.
  • Automate repetitive analyst tasks including alert triage, artifact enrichment, evidence collection, and containment actions.
  • Configure Splunk SOAR case management — custom fields, workbooks, SLA tracking, and analyst assignment rules.

Access Control & Security Management

  • Administer Role-Based Access Control (RBAC) within Splunk, ensuring analysts, engineers, and leadership have appropriate data access and capability levels.
  • Manage Splunk authentication integrations including LDAP, SAML, and multi-factor authentication (MFA).
  • Enforce data segmentation and index-level access controls to protect sensitive and regulated data sets.

Pay: QAR10,000.00 - QAR14,000.00 per month
