SIEM Administrator Splunk

Get AI-powered advice on this job and more exclusive features.

We are seeking an experienced SIEM Administrator to manage the full lifecycle of our Splunk Enterprise Security (ES) platform. In this role, you will be responsible for the deployment, configuration, and maintenance of a robust Splunk architecture, ensuring comprehensive security visibility across our hybrid infrastructure. You will onboard diverse log sources, create and fine‑tune correlation searches mapped to the MITRE ATT&CK framework, and build real‑time dashboards for threat detection. The ideal candidate will excel at system optimization, performance tuning, and troubleshooting. A key part of your role will be to drive automation by integrating Splunk with SOAR platforms and developing scripts to enhance SOC efficiency. You will also be responsible for generating compliance reports and supporting audit requirements, collaborating closely with SOC analysts to strengthen our security posture.

• 7–8 years of hands‑on experience in Splunk Enterprise Security (ES) administration.
• Proven expertise in deploying and maintaining Splunk components including Search Heads, Indexers, and Forwarders.
• Advanced proficiency in Splunk Processing Language (SPL) for complex query development, dashboard creation, and alerting.
• Demonstrated experience in onboarding, parsing, and normalizing diverse log sources (e.g., network, firewall, endpoint, cloud).
• In‑depth knowledge of the MITRE ATT&CK framework and experience applying it to create high‑fidelity detections.
• Strong understanding of Unix / Linux operating systems, networking protocols, and security principles.
• Experience with Splunk performance tuning, index optimization, and license management.
• Must hold a current Splunk Certified Administrator, Architect, or Power User certification.
• Experience integrating Splunk with SOAR platforms, particularly Splunk SOAR (Phantom).
• Familiarity with compliance and audit reporting for frameworks like ISO 27001, QCB, or NIA.
• Professional security certifications such as Security+, CEH, or GCIH.
• Experience configuring Splunk SmartStore and data‑tiering for cost and retention optimization.
• Skills in scripting languages (e.g., Python, Bash) for automation.

Referrals increase your chances of interviewing at Starlink Qatar by 2x.

Get notified about new Administrator jobs in Doha, Qatar .

#J-18808-Ljbffr