We are looking for a Splunk Security Infrastructure Engineer for our Qatar location.
If you are available, please send your CV immediately.
Platform Administration & Operations
- Install, configure, and maintain Splunk Enterprise / Splunk Cloud deployments, including indexers, search heads, forwarders, and cluster managers.
- Manage Splunk licensing, capacity planning, and storage tiering to align with data retention policies.
- Perform routine health checks, patching, and version upgrades to maintain system stability and security.
- Configure and administer Splunk clustering (Search Head Clusters, Indexer Clusters) to ensure high availability and disaster recovery.
- Monitor platform performance metrics such as indexing throughput, search concurrency, and disk utilization, and implement tuning measures proactively.
Data Onboarding & Normalization
- Architect and manage data ingestion pipelines from diverse sources including firewalls, endpoints, cloud platforms (AWS, Azure, GCP), Active Directory, and SaaS applications.
- Deploy and manage Universal Forwarders and Heavy Forwarders across on-premises and cloud environments.
- Develop and maintain custom Technology Add-ons (TAs) and props/transforms to normalize log data to the Splunk Common Information Model (CIM).
- Validate data quality and completeness — monitoring for indexing gaps, latency, and data drops.
- Integrate Splunk with REST APIs and syslog receivers to ingest telemetry from non-standard sources.
Detection Content & Search Development
- Author, tune, and maintain correlation searches and scheduled alerts using the Splunk Search Processing Language (SPL) to detect threats mapped to MITRE ATT&CK techniques.
- Build and maintain Splunk Enterprise Security (ES) content: Notable Events, risk-based alerting (risk scores and risk/threat objects), and the supporting lookups and data models.
- Develop and manage dashboards, reports, and visualizations for SOC analysts, management, and executive stakeholders.
- Collaborate with the threat intelligence team to integrate IOC feeds and threat lists into detection logic.
SOAR & Automation Engineering
- Design and implement automated playbooks using Splunk SOAR (formerly Phantom) to orchestrate incident response workflows.
- Build and maintain API connectors between Splunk SOAR and third-party tools such as EDR platforms, ticketing systems, firewalls, and IAM solutions.
- Automate repetitive analyst tasks including alert triage, artifact enrichment, evidence collection, and containment actions.
- Configure Splunk SOAR case management — custom fields, workbooks, SLA tracking, and analyst assignment rules.
Access Control & Security Management
- Administer Role-Based Access Control (RBAC) within Splunk, ensuring analysts, engineers, and leadership have appropriate data access and capability levels.
- Manage Splunk authentication integrations including LDAP, SAML, and multi-factor authentication (MFA).
- Enforce data segmentation and index-level access controls to protect sensitive and regulated data sets.
Pay: QAR10,000.00 - QAR14,000.00 per month
Work Location: In person