L3 SIEM Admin
Job Fit Check
Base Career helps you apply smarter for this job.
Key skills for this role
About the Role
Job description: **JOB PURPOSE** To lead the administration, configuration, optimization, and advanced operations of the organization’s SIEM platforms, primarily supporting Splunk SIEM, while also supporting environments utilizing other SIEM technologies such as QRadar and ArcSight, ensuring effective log ingestion, attack detection, threat analysis, incident investigation support, and continuous improvement of SOC monitoring capabilities, including coordination a
Key Skills for This Role
Full Job Posting
Job Purpose
To lead the administration, configuration, optimization, and advanced operations of the organization’s SIEM platforms, primarily supporting Splunk SIEM, while also supporting environments utilizing other SIEM technologies such as QRadar and ArcSight, ensuring effective log ingestion, attack detection, threat analysis, incident investigation support, and continuous improvement of SOC monitoring capabilities, including coordination across teams and support for SIEM platform transition or migration activities when required
Key Responsibilities
- Administer, configure, maintain, and optimize enterprise SIEM platforms in production environments.
- Perform SIEM architecture tuning, performance optimization, and capacity management.
- Configure and maintain correlation rules, alerts, dashboards, and detection policies to support advanced threat detection.
- Lead onboarding, parsing, normalization, and ingestion of logs from infrastructure, applications, endpoints, network, and cloud services.
- Perform advanced log and attack analysis to support threat detection and SOC investigations.
- Act as escalation point for complex incidents requiring deep log and platform analysis.
- Support incident response activities by providing log intelligence and assisting investigation and forensic activities when required.
- Troubleshoot SIEM platform issues and support operational problem resolution.
- Coordinate investigations and operational activities across SOC, Incident Response, Vulnerability Management, Infrastructure, and application teams.
- Develop automation scripts and integrations using scripting languages to improve SOC operational efficiency.
- Support SIEM platform transition or migration initiatives including data source onboarding, validation, and detection use case alignment.
- Ensure SIEM platform availability, scalability, and storage efficiency.
- Maintain technical documentation, operational procedures, and configuration standards.
- Support audit, compliance, and regulatory monitoring requirements through log analysis and reporting
Qualifications
- Bachelor’s degree in Cybersecurity, Computer Science, IT or related field.
• Splunk Cybersecurity Defense Analyst
- CISSP, GCIH, GCIA, or equivalent GIAC certifications
- GSEC or SOC-related certifications
- Years of Experience
- 5 to 7 years of experience in cybersecurity operations with at least 3+ years of hands-on experience administering Splunk SIEM platforms.
- Nature of
Experience
- SOC operations and incident investigation experience
- Enterprise SIEM operations in production environments
- Coordination with infrastructure and security teams
- Experience in regulated/compliance environments
Skills
- Log and attack analysis using Splunk, QRadar, or ArcSight
- SIEM management and configuration for performance tuning and advanced threat detection
- Troubleshooting, incident coordination, and collaboration with SOC teams
- Threat analysis and incident response support using forensic investigation techniques
- Scripting and programming knowledge (Python, Bash, PowerShell)
- Log onboarding, parsing, and normalization
- Correlation rule and detection use case development
- Knowledge of threat detection frameworks such as MITRE ATT&CK
- Experience handling network, endpoint, cloud, and application logs
- Strong analytical and troubleshooting skills
Skills
- English and/or Arabic language skills (written and spoken)
Apply for this job in 1 click
Skip the repetitive application forms
Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.
Trusted by over 500,000 job seekers on Base Career
More from this employer
More jobs at DETASAD
Partner and Alliance Associate
Riyadh, KSA
DETASAD seeks an entry-level Partnership Alliance Associate to support strategic partnerships, contract administration, and go-to-market execution in Riyadh. The role offers exposure to partner engagement and business de
Senior System Engineer
Riyadh, KSA
DETASAD seeks a skilled Microsoft System Engineer to maintain, optimize, and deliver IT infrastructure and cloud services. The role requires 6+ years of hands-on experience in Microsoft systems engineering, including Act
Senior Account Manager
Riyadh, KSA
DETASAD is seeking a Senior Account Manager to develop and maintain long-term client relationships in Riyadh. You will act as the main point of contact, identify growth opportunities, manage contract renewals, and collab
SOC Analyst
Riyadh, KSA
DETASAD is hiring a Level-1 Security Analyst (SOC Analyst) to join a 24x7 security operations team in Riyadh. You will monitor SIEM (LogRhythm), respond to security incidents, and perform vulnerability assessments. Requi
Marketing Specialist
Riyadh, KSA
Job description: Job Summary DETASAD is seeking a proactive and commercially minded Marketing Specialist to join its Digital Marketing & Indirect Sales team. This role is focused on lead generation, customer engagement,