Posted time June 12, 2025 Location Dubai Job type Full-time

Job Description:

Key Responsibilities:

  • Administering Splunk log management, ingestion, and normalization, as well as administering Splunk Enterprise Security.
  • Advanced Splunk analytics and the development and administration of custom Splunk dashboards and lookups.
  • Splunk data integrations with business-critical enterprise applications and systems.
  • Translating feedback from the business into Splunk technical requirements and solutions.
  • Develop specialized Splunk Enterprise Security and Splunk SOAR add-ons, data models, correlation searches, dashboards, and content using Python, Splunk SPL, Splunk SimpleXML (or JavaScript, CSS), or Bash.
  • Develop custom Splunk applications and add-ons for inclusion of access events per use case criteria.
  • Develop Splunk risk scoring based on compliance conditions to determine suspicious access events.
  • Develop custom risk scoring to weed out white noise and only show actionable incidents to SOC analysts.
  • Develop dashboards for security analysts with detailed drill-down capability for incident response.
  • Develop triage workflows for analysts to assign and track ongoing investigations.
  • Administering the Splunk SOAR cluster and PostgreSQL database cluster environment and playbooks.
  • Develop and enhance use cases in Splunk Enterprise Security.
  • Develop playbooks to increase automation for the SOC team.
  • Develop Python-based custom functions to further enhance the current playbooks.
  • Integrate AI models with Splunk and Splunk SOAR to enhance alerting capabilities and improve overall operational efficiency.

Skills and experience:

  • 5 years of experience in Splunk administration – required at a minimum
  • Active Splunk Enterprise Certified Architect and Splunk SOAR Administration certification – required at a minimum.
  • Splunk Core Certified Consultant – strongly preferred

Education:
Bachelor's degree – Required

Required Experience: In addition to active Splunk certification(s), must also have experience with the following:

  • Python development – proficiency in the Python programming language
  • Splunk SimpleXML or web development (JavaScript, CSS)
  • Splunk app and add-on development
  • Splunk data modeling
  • Strong experience in Splunk development, building dashboards, reports, and lookup tables
  • Working knowledge of Splunk, including SPL, indexers, forwarders, and search heads
  • Expertise in large-scale cyber security data analytics, identifying data-driven threat collection opportunities
  • Prior information security analysis experience in a Cyber Security Operations Center (CSOC)