Job Details
Location: Abu Dhabi, Abu Dhabi, United Arab Emirates
Salary: Not specified
Company: ApnaWorker
We are seeking an experienced Splunk Administrator with a strong cybersecurity background to manage and support the organization's Splunk SIEM platform.

Key Responsibilities:

Splunk Platform Administration:
- Install, configure, upgrade, and maintain Splunk Enterprise and security-related Splunk applications.
- Administer Search Heads, Indexers, Heavy Forwarders, Deployment Servers, Cluster Managers, and License Managers.
- Manage indexer clustering and search head clustering.
- Perform health monitoring, troubleshooting, and capacity planning.

Security Operations Support:
- Support SIEM operations using Splunk.
- Onboard and normalize security logs from multiple sources.
- Configure security alerts, correlation searches, dashboards, and reports.
- Assist SOC analysts during security investigations and incident response activities.
- Support threat detection and monitoring use cases.

Data Integration & Log Management:
- Integrate logs from firewalls, IDS/IPS, Endpoint Detection and Response (EDR) platforms, antivirus solutions, cloud platforms, Active Directory, VPN solutions, and web and application servers.
- Ensure data quality, retention, and compliance requirements are met.

Security Administration:
- Configure RBAC and user access controls.
- Integrate authentication mechanisms such as LDAP, SAML, and Active Directory.
- Support compliance requirements such as ISO 27001, PCI-DSS, HIPAA, and SOC 2.
- Implement secure Splunk deployment practices.

Automation & Optimization:
- Develop automation scripts using Python, Bash, or PowerShell.
- Optimize searches, dashboards, and correlation rules.
- Perform performance tuning and resource optimization.

Required Skills:
- Splunk Enterprise Administration, Search Processing Language (SPL), Data Onboarding
- SIEM Concepts, Log Management, Threat Detection, Incident Response Support, Security Monitoring
- MITRE ATT&CK Framework, Security Use Case Development
- Experience integrating Splunk with tools such as firewalls (Palo Alto, Fortinet, Check Point), EDR/XDR platforms, IDS/IPS solutions, vulnerability scanners, and cloud security services
- Linux Administration, Windows Server Administration
- Scripting in Python, Bash/Shell, PowerShell

Preferred Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field
- 4-8 years of Splunk administration experience
- Experience supporting SOC or Cyber Defense teams
- Experience with cloud security monitoring (AWS, Azure, GCP)

Preferred Certifications:
- Splunk Enterprise Certified Admin
- Splunk Enterprise Security Certified Admin
- Splunk Core Certified Power User
- CompTIA Security+
- Certified Information Systems Security Professional (CISSP)
- GIAC Certified Incident Handler (GCIH)
- Certified Ethical Hacker (CEH)