
Splunk Operations Lead

Job in Riyadh, Riyadh Region, Saudi Arabia
Listing for: Visible Stars
Full Time position
Listed on 2026-06-12
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 150000 - 200000 SAR Yearly
Job Description & How to Apply Below

Riyadh

  • Job Type: full-time
  • Category: SUP
  • Post Date: 09/10/2025
Job Description

Expertise:
Splunk Enterprise Certified Architect, minimum 7-10 years in Splunk enterprise deployments.

  • Lead daily Splunk operations and ensure SLA adherence.
  • Perform infrastructure management and health checks.
  • Oversee scaling advisement and expansion readiness.
  • Act as the main point of contact for the Bank’s internal teams.
  • Organize support for major incident response efforts.
Job Qualifications
  • Daily health checks and monitoring of Splunk infrastructure performance (indexers, search heads, deployment servers, cluster masters, etc.).
  • Indexer and search head cluster management (including failover and scaling).
  • Splunk upgrades, patch management, and hotfix applications.
  • License usage monitoring and optimization.
  • Onboarding of new data sources, including parsing, field extractions, and CIM (Common Information Model) compliance.
  • Use Case Lifecycle Management (Development, Tuning, Optimization):
    • Work with stakeholders to identify security monitoring use cases.
    • Develop new detection rules, correlation searches, dashboards, and alerts.
    • Fine-tune existing use cases to reduce false positives and improve detection accuracy.
    • Align all use cases with threat intelligence (MITRE ATT&CK, local TTPs, sectoral threats).
    • Map use cases to regulatory frameworks (SAMA CSF, NCA ECC/CCC, PCI DSS).
    • Develop use cases based on frameworks such as MITRE ATT&CK, OWASP.
    • Map use cases for Info Sec tools and security technologies, and cover additional Info Sec tool integration with Splunk.
  • Creation and maintenance of dashboards (supporting threat hunting, data sources coverage, critical assets coverage and endpoint security control coverage), alerts, reports, and correlation searches.
  • Splunk apps and add-on installation, application onboarding, configuration, and lifecycle management.
  • Splunk optimization by troubleshooting ingestion delays, parsing errors, and search performance issues.
  • Storage capacity management and archiving strategies.
  • Implementing and maintaining Role-Based Access Control (RBAC).
  • Support for compliance, audit, and regulatory reporting requirements.
  • Incident response support by ensuring Splunk visibility for detection and investigation.
  • Documentation of processes, configurations, and knowledge transfer.
  • Continuous monitoring for regulatory compliance.
Specialized Reviews & Advisory Services
The Bank needs to utilize Splunk services to perform assessments and optimizations, specifically:
    1. Post‑Implementation Review
    2. Data Model Review
    3. Data Source Review
    4. Security Integrations & Monitoring Review
    5. Scaling Advisement & Expansion Readiness Assessment
    6. Advanced use case management
    7. Quarterly review of SIEM Architecture & Security Posture
    8. Evaluation of existing detection rules
    9. Bi‑Annual review for planning of SIEM evolution and enhancement