Overview
Splunk Operations Lead role at Visible Stars.

Location: Riyadh Dammam, Eastern, Saudi Arabia
Job Type: Full-time
Seniority level: Mid-Senior level
Job function: Management
Industries: IT Services and IT Consulting

Responsibilities
Lead daily Splunk operations and ensure SLA adherence.
Perform infrastructure management and health checks.
Oversee scaling advisement and expansion readiness.
Act as the main point of contact for the Bank’s internal teams.
Organized support for major incident response efforts.

Job Qualifications
Expertise: Splunk Enterprise Certified Architect, minimum 7–10 years in Splunk enterprise deployments.
Daily health checks and monitoring of Splunk infrastructure performance (indexers, search heads, deployment servers, cluster masters, etc.).
Indexer and search head cluster management (including failover and scaling).
Splunk upgrades, patch management, and hotfix applications.
License usage monitoring and optimization.
Onboarding of new data sources, including parsing, field extractions, and CIM (Common Information Model) compliance.
Use Case Lifecycle Management (Development, Tuning, Optimization): identify security monitoring use cases, develop detection rules, correlation searches, dashboards, and alerts; fine-tune use cases to reduce false positives and improve detection accuracy; align with threat intelligence and regulatory frameworks; map use cases for InfoSec tools and Splunk integrations.
Creation and maintenance of dashboards, alerts, reports, and correlation searches.
Splunk apps and add-on installation, onboarding, configuration, and lifecycle management.
Splunk optimization by troubleshooting ingestion delays, parsing errors, and search performance issues.
Storage capacity management and archiving strategies.
Implementing and maintaining Role-Based Access Control (RBAC).
Support for compliance, audit, and regulatory reporting requirements.
Incident response support by ensuring Splunk visibility for detection and investigation.
Documentation of processes, configurations, and knowledge transfer.
Continuous monitoring for regulatory compliance and specialized reviews & advisory services related to Bank assessments and optimization (e.g., Post-Implementation Review, Data Model Review, Data Source Review, Security Integrations & Monitoring Review, Scaling Advisement & Expansion Readiness, Advanced use case management, quarterly SIEM architecture reviews, evaluation of detection rules, bi-annual SIEM evolution planning).
Operation • Riyadh, Saudi Arabia