Senior Splunk Engineer

Tamkeen Technologies

الرياض
دائم
دوام كامل

قبل 1 شهر
التقديم على الوظيفة بسهولة

Tamkeen Technologies is looking for a talented Senior Splunk Engineer to enhance our analytics and monitoring capabilities across the organization's IT infrastructure. In this role, you will be responsible for the design, development, and maintenance of Splunk-based solutions to collect, analyze, and visualize data for security and operational insights. You will work closely with various teams to implement best practices in data ingestion, dashboard creation, and alert configuration to support organizational goals. If you have a strong background in Splunk and a keen interest in data analytics, we encourage you to apply and join our innovative team.Responsibilities

Administer and manage Splunk infrastructure across multiple clients in a multi-tenant MSSP environment.
Design and implement data onboarding processes including parsing, indexing, and field extractions.
Manage indexers, search heads, forwarders, and heavy forwarders for optimal performance.
Troubleshoot and resolve Splunk performance, search latency, and data ingestion issues.
Develop and optimize SPL queries, dashboards, alerts, and reports.
Ensure high availability, performance, and scalability of the Splunk platform.
Maintain forwarders, heavy indexers, search heads, and deployment servers.
Perform troubleshooting and root cause analysis for log ingestion and performance issues.
Support client onboarding, use case development, and data source integration.
Collaborate with SOC analysts, threat hunters, and client security teams to enhance visibility and detection.
Maintain compliance with internal security policies and relevant regulatory frameworks.
Implement role-based access control (RBAC), data retention policies, and compliance configurations.
Work closely with MSSP clients to understand their security monitoring requirements.
Provide Splunk expertise, troubleshooting, and best practices to internal and external stakeholders.
Produce documentation for architecture, configurations, processes, and operational runbooks.

Requirements

Bachelor’s degree in Information Security, Computer Science, or a related technical field.
Minimum 3–5 years of experience as a Splunk Administrator, preferably in an MSSP or multi-client environment.
Deep hands-on experience with Splunk Enterprise, Splunk Enterprise Security (ES), and Splunk architecture components.
Strong knowledge of SPL, data onboarding (parsing, field extractions, props/transforms), and performance tuning.
Experience with Splunk integrations, including threat intelligence feeds, SOAR, and third-party tools.
Familiarity with Linux/Unix systems and scripting (e.g., Python, Bash, PowerShell).
Strong understanding of SIEM use cases, threat detection, and log analysis.
Splunk certifications such as Splunk Certified Admin, Power User, or Architect are highly preferred.
Splunk certifications (Splunk Certified Admin, Splunk ES Certified, Splunk Architect).

Tamkeen Technologies