Job Description
o Expertise: Splunk Enterprise Certified Architect, minimum 7–10 years in Splunk enterprise deployments.
o Responsibilities:
- Lead daily Splunk operations and ensure SLA adherence.
- Perform infrastructure management and health checks.
- Oversee scaling advisement and expansion readiness.
- Act as the main point of contact for the Bank’s internal teams.
- Organize support for major incident response efforts.
Job qualifications:
• Daily health checks and monitoring of Splunk infrastructure performance (indexers, search heads, deployment servers, cluster masters, etc.).
• Indexer and search head cluster management (including failover and scaling).
• Splunk upgrades, patch management, and hotfix applications.
• License usage monitoring and optimization.
• Onboarding of new data sources, including parsing, field extractions, and CIM (Common Information Model) compliance.
• Use Case Lifecycle Management (Development, Tuning, Optimization):
o Work with stakeholders to identify security monitoring use cases.
o Develop new detection rules, correlation searches, dashboards, and alerts.
o Fine-tune existing use cases to reduce false positives and improve detection accuracy.
o Align all use cases with threat intelligence (MITRE ATT&CK, local TTPs, sectoral threats).
o Map use cases to regulatory frameworks (SAMA CSF, NCA ECC/CCC, PCI DSS).
o Develop use cases based on frameworks such as MITRE ATT&CK, OWASP.
o Map use cases to InfoSec tools and security technologies, and cover the integration of additional InfoSec tools with Splunk.
• Creation and maintenance of dashboards (supporting threat hunting, data sources coverage, critical assets coverage and endpoint security control coverage), alerts, reports, and correlation searches.
• Splunk apps and add-on installation, application onboarding, configuration, and lifecycle management.
• Splunk optimization by troubleshooting ingestion delays, parsing errors, and search performance issues.
• Storage capacity management and archiving strategies.
• Implementing and maintaining Role-Based Access Control (RBAC).
• Support for compliance, audit, and regulatory reporting requirements.
• Incident response support by ensuring Splunk visibility for detection and investigation.
• Documentation of processes, configurations, and knowledge transfer.
• Continuous monitoring for regulatory compliance.
Specialized Reviews & Advisory Services
The Bank requires the Splunk services to be used to perform assessments and optimizations, specifically:
1. Post-Implementation Review
2. Data Model Review
3. Data Source Review
4. Security Integrations & Monitoring Review
5. Scaling Advisement & Expansion Readiness Assessment
6. Advanced use case management
7. Quarterly review of SIEM Architecture & Security Posture
8. Evaluation of existing detection rules
9. Bi-Annual review for planning of SIEM evolution and enhancement