Qureos

SOC Analyst – Splunk SIEM

For a leading bank in Bahrain, we are seeking a SOC Analyst (L1/L2) with strong hands-on capability in SOC monitoring, incident response support, and SIEM operations using Splunk Enterprise Security. The resource will assist a larger SOC team while also handling directly assigned tasks such as incident investigation and security analysis.

Key Responsibilities


SOC Monitoring, Triage & Escalation

  • Perform general cybersecurity monitoring, alert triage, validation, prioritization, and escalation according to SOC procedures.
  • Support day-to-day SOC monitoring activities while owning assigned investigations end-to-end when required (e.g., incident investigation, analysis, evidence collection).
  • Maintain accurate case/ticket documentation: actions taken, timelines, evidence, and findings within the ticketing/incident management system.


Incident Handling & Investigation Support

  • Provide incident handling capabilities: investigate alerts, identify indicators of compromise (IOCs), assess scope/impact, and support containment and recovery coordination with relevant teams.
  • Conduct analysis on security events and incidents and contribute to root-cause understanding where applicable.
  • Produce incident summaries and contribute to post-incident improvement recommendations.


SIEM Operations (Splunk Enterprise Security)

  • Operate and support Splunk ES use cases including monitoring, dashboards, correlation searches (scope depending on L1/L2 level), alerts, and reporting.
  • Support SIEM operational health activities (log visibility support, troubleshooting monitoring/reporting issues, and operational maintenance as applicable).
  • Provide recommendations to enhance SIEM and SOC capabilities (detection improvements, coverage expansion, operational enhancements).


Endpoint, Email, NDR & Defender Monitoring

  • Monitor and support endpoint and email security; Trend Micro XDR experience is a plus.
  • Monitor the Windows Defender portal and correlate its findings with SIEM alerts.
  • Support Network Detection & Response (NDR) monitoring and investigation workflows.
  • Correlate security events using additional tools where applicable (e.g., Corelight Investigator, asset management tools such as Lansweeper, anti-phishing platforms).


Threat Intelligence Monitoring

  • Perform threat intelligence monitoring, track relevant threats/IOCs, and support operationalizing them within SOC monitoring and investigations.
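The matching logic behind "operationalizing" an IOC list is shown below as an added example; it is not part of this posting and is not Splunk ES code (Splunk ES performs this kind of matching through its threat intelligence lookups). The IOC feed, the log events, and the field names (`src`, `dest`, `query`, `url`, `md5`) are constructed for illustration. It refangs indicators as they appear in reports (`[.]`, `hxxp`), then matches IPs exactly, domains including their subdomains but not look-alike suffixes, URLs on host and path while ignoring query strings, and hashes case-insensitively.

```python
"""Added example: match a threat-intel IOC list against indexed log events.
Not part of the job posting or of Splunk ES; feed, events and field names are constructed."""
import ipaddress
from dataclasses import dataclass
from urllib.parse import urlsplit

# Constructed IOC feed in the defanged form common in threat-intel reports.
IOC_FEED = """\
# indicator,type,threat,confidence
198[.]51[.]100[.]23,ip,Cobalt Strike C2,high
malware-cdn[.]example,domain,Qakbot staging,medium
hxxp://login-bank-portal[.]example/verify,url,phishing kit,high
d41d8cd98f00b204e9800998ecf8427e,md5,test hash,low
"""

# Constructed events resembling what a SIEM would index from proxy, DNS and EDR sources.
LOG_EVENTS = [
    {"sourcetype": "proxy", "src": "10.1.4.22", "dest": "198.51.100.23", "url": "http://198.51.100.23/a"},
    {"sourcetype": "dns", "src": "10.1.4.22", "query": "cdn.malware-cdn.example"},
    {"sourcetype": "proxy", "src": "10.1.9.7", "dest": "203.0.113.5",
     "url": "http://login-bank-portal.example/verify?u=1"},
    {"sourcetype": "edr", "host": "WS-0042", "md5": "D41D8CD98F00B204E9800998ECF8427E"},
    {"sourcetype": "dns", "src": "10.1.9.8", "query": "notmalware-cdn.example"},  # look-alike, must not match
]

# Which event fields each indicator type is compared against (assumed field names).
FIELD_MAP = {
    "ip": ("src", "dest"),
    "domain": ("query", "dest_host"),
    "url": ("url",),
    "md5": ("md5", "file_hash"),
}


@dataclass(frozen=True)
class Ioc:
    value: str
    kind: str        # ip | domain | url | md5
    threat: str
    confidence: str  # low | medium | high


def refang(text: str) -> str:
    """Undo common defanging so indicators compare to real log values."""
    return (text.strip().lower()
            .replace("[.]", ".").replace("(.)", ".")
            .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def parse_feed(feed: str) -> list[Ioc]:
    """Parse the CSV-style feed, skipping comments; reject malformed IP indicators early."""
    iocs = []
    for line in feed.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        value, kind, threat, confidence = (p.strip() for p in line.split(",", 3))
        value = refang(value)
        if kind == "ip":
            ipaddress.ip_address(value)  # raises ValueError on garbage
        iocs.append(Ioc(value, kind, threat, confidence))
    return iocs


def _domain_hit(ioc: str, observed: str) -> bool:
    """Exact match or a subdomain; a bare suffix match (notmalware-cdn.example) is not a hit."""
    observed = observed.lower().rstrip(".")
    return observed == ioc or observed.endswith("." + ioc)


def _url_hit(ioc: str, observed: str) -> bool:
    """Same host and the observed path starts with the indicator's path; query strings vary."""
    a, b = urlsplit(ioc), urlsplit(observed.lower())
    return a.netloc == b.netloc and b.path.startswith(a.path)


def match_events(iocs: list[Ioc], events: list[dict]) -> list[dict]:
    """Return one alert per (event, indicator) pair that matches, in event order."""
    alerts = []
    for idx, ev in enumerate(events):
        for ioc in iocs:
            for field in FIELD_MAP[ioc.kind]:
                observed = ev.get(field)
                if observed is None:
                    continue
                if ioc.kind == "ip":
                    hit = observed == ioc.value
                elif ioc.kind == "domain":
                    hit = _domain_hit(ioc.value, observed)
                elif ioc.kind == "url":
                    hit = _url_hit(ioc.value, observed)
                else:  # hashes: case-insensitive exact match
                    hit = observed.lower() == ioc.value
                if hit:
                    alerts.append({"event": idx, "sourcetype": ev["sourcetype"], "field": field,
                                   "indicator": ioc.value, "threat": ioc.threat,
                                   "confidence": ioc.confidence})
                    break  # one alert per indicator per event
    return alerts


if __name__ == "__main__":
    for alert in match_events(parse_feed(IOC_FEED), LOG_EVENTS):
        print(alert)
```

The confidence carried on each alert is what drives prioritization in triage: a high-confidence C2 address hit on an outbound proxy event warrants escalation, while a low-confidence hash hit is a candidate for validation first. The look-alike DNS query in the last event is there to show why domain matching must anchor on a dot boundary rather than on a plain suffix.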


Skills & Qualifications

  • 4+ years of relevant experience.
  • SOC monitoring, triage, escalation, and incident investigation fundamentals (L1/L2 coverage).
  • Strong knowledge in SIEM (Splunk Enterprise Security) and SOC operational workflow.
  • Familiarity with supporting security tooling used for enrichment and investigation (e.g., Trend Micro XDR, Corelight Investigator, Defender Portal, asset management tools such as Lansweeper, anti-phishing platforms).

© 2026 Qureos. All rights reserved.