Splunk SIEM Engineer (RE)

Posted 3 Days Ago
Riyadh, SAU
In-Office
Mid level
Information Technology • Cybersecurity
The Role
Provide hands-on Splunk administration and SIEM engineering: ingesting/parsing logs, optimizing performance, building detections/alerts/dashboards, performing root-cause analysis, maintaining documentation and runbooks, and supporting operationalization and maturity improvements.
Summary Generated by Built In
Company Description

Innovative Solutions (IS) is a leading Cybersecurity company established in 2003, with its headquarters in Riyadh and additional offices in Al Khobar, Jeddah, Dubai, and Abu Dhabi. We specialize in delivering Comprehensive Cybersecurity Solutions and Services encompassing Advisory Services, Technical Assurance, Solution Deployment, Professional Services, and Managed Security Services.

Our mission is "Delivering secure and intelligent digital services that empower organizations".

Role Overview

We are seeking a Splunk SIEM Engineer to provide hands-on support, administration, optimization, and continuous enhancement of the Splunk environment. The role is responsible for ensuring the reliability, performance, and effectiveness of Splunk services while supporting security monitoring and operational use cases.

Responsibilities

• Perform indexing and data ingestion activities, including ingesting, parsing, and indexing log sources to ensure accurate, consistent, and searchable data.

• Identify and resolve ingestion-related issues such as parsing errors, timestamp extraction problems, event breaking, line breaking, and truncation.

• Monitor Splunk system performance and optimize queries, dashboards, index configurations, and data retention policies to meet defined SLAs.

• Review existing Splunk architecture and indexing capacity, and provide recommendations to improve scalability, reliability, and cost efficiency.

• Design, configure, and maintain alerts, correlation searches, dashboards, and reports based on operational and user requirements.

• Diagnose system issues and failures, conduct root-cause analysis, implement remediation actions, and perform follow-up verification.

• Ensure the Splunk environment follows security best practices and applicable compliance requirements, including access controls and auditing.

• Maintain up-to-date technical documentation, runbooks, and user guides.

• Deliver knowledge-transfer sessions to operations and engineering teams.

• Maintain a comprehensive inventory of Splunk content, including dashboards, saved searches, alerts, correlation searches, lookup tables, macros, knowledge objects, and use cases.

• Classify Splunk content by owner, business function, usage frequency, and last modified date.

• Provide end-to-end SIEM capabilities, including detection, alerting, and response for security threats and operational risks.

• Develop and maintain detection logic, required data sources, alert severity and thresholds, dashboards, runbooks/playbooks, and SLA-aligned acceptance criteria.

• Review connected data sources to assess data quality and completeness, and report findings with onboarding readiness recommendations.

• Provide a Splunk maturity roadmap aligned with the organization's current maturity level.

• Assess log quality for high-volume sources and recommend source optimization to maximize value and reduce cost.

• Review existing Splunk content and recommend consolidation, optimization, or creation of new use cases.

• Provide hands-on operational support and assist in removing technical or operational blockers.

• Develop standardized workflows and guidance for building, validating, and operationalizing new Splunk use cases.


Requirements
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
  • 3–5 years of relevant experience in Splunk administration, engineering, or SIEM operations.
  • Strong understanding of Splunk architecture and data flow concepts.
  • Solid knowledge of security operations and SIEM principles.
  • Ability to analyze system performance and identify optimization opportunities.
  • Strong analytical and problem-solving skills for diagnosing system and data issues.
  • Good understanding of security best practices and compliance concepts.
  • Ability to work with technical documentation and structured operational processes.
  • Strong communication skills for coordination with technical and operational teams.
  • Familiarity with AI tools and technologies.

The Company
HQ: Riyadh
132 Employees
Year Founded: 2003

What We Do

Innovative Solutions (IS) is a leading pure-play Cybersecurity company in the GCC, established in 2003 and headquartered in Riyadh, with a presence in Al Khobar, Jeddah, Dubai, and Abu Dhabi. We are the trusted advisor in providing world-class, tailored, and purposeful Cybersecurity Services and Solutions that exceed our clients’ expectations across multiple sectors, enabling them to protect their organizations and make the best use of cyberspace. Our Cybersecurity Solutions and Services encompass Advisory Services, Technical Assurance, Solution Deployment, Professional Services, and Managed Security Services. We have influenced and contributed to the development of the Cybersecurity industry in the GCC and are reckoned a major regional player, enabled by our competent and committed team, which is our prime strength. Innovative Solutions is committed to its Mission to “Bring Trust to Cyberspace” to ensure “Your Business is Secured”.
