Sr. IT Security Engineer (SIEM, NDR)


Total-TECH Co., Riyadh, Riyadh Region, Saudi Arabia
30+ days ago
Job description

The Job Description

  • Design, deploy, and maintain Splunk Enterprise, and Splunk ES (Enterprise Security) for advanced security analytics.
  • Develop and optimize Splunk dashboards, alerts, correlation searches, and threat intelligence integrations.
  • Manage Splunk data ingestion pipelines, including log parsing, normalization, and enrichment.
  • Integrate and analyze NDR solutions such as Darktrace, ExtraHop, Vectra AI, or Corelight with Splunk.
  • Develop custom detections and alerts based on network anomalies, behavioral analysis, and threat intelligence.
  • Correlate NDR telemetry with SIEM logs to detect advanced network-based attacks (e.g., lateral movement, C2 traffic).
  • Deploy and manage deception technologies such as Illusive Networks, TrapX, Fidelis Deception, or Attivo Networks.
  • Integrate honeypots, decoy systems, and fake credentials to lure and detect adversaries.
  • Create and fine-tune custom deception campaigns to simulate real-world attack scenarios.
  • Automate deception-related alerts and incident response workflows within Splunk ES & SOAR.
  • Design correlation rules, SIEM-based threat models, and security detections aligned with MITRE ATT&CK.
  • Collaborate with SOC teams to enhance incident detection and response capabilities.
  • Conduct log management audits, forensic investigations, and security assessments.
  • Document Splunk configurations, runbooks, and security procedures.

Requirements:

  • 5+ years of experience as a Splunk Engineer, SIEM Engineer, or Security Operations Engineer.
  • Expertise in Splunk ES, Splunk SOAR, and Splunk search processing language (SPL).
  • Hands-on experience with Network Detection & Response (NDR) platforms like Darktrace, ExtraHop, Vectra AI, or Corelight.
  • Experience with security deception tools such as Attivo Networks, Illusive Networks, or Fidelis Deception.
  • Strong understanding of network security, log analysis, and SIEM threat detection methodologies.
  • Splunk Certified Architect or Splunk Enterprise Security Certified Admin.
  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Security, or a related field (or equivalent experience).