Deploy, configure, maintain, and troubleshoot Splunk and QRadar instances.
Manage log ingestion from diverse sources: firewalls, EDR, NDR, applications, cloud, and endpoint systems.
Develop and maintain log parsing rules, custom parsers (QRadar DSMs), and field extractions (Splunk).
Ensure log integrity, completeness, normalization, and compliance with retention policies.
Monitor SIEM performance, storage, EPS (Events per Second), and health metrics.
Tune correlation rules, alerts, and saved searches to reduce false positives.
Maintain data lifecycle management—cold/hot/warm storage (Splunk) and retention buckets (QRadar).
Work with SOC analysts and threat hunters to implement and test detection use cases.
Enable custom dashboards and visualizations to support proactive threat detection.
Support integration with SOAR platforms and ticketing tools (e.g., FortiSOAR, Remedy).
Manage version upgrades and patching of Splunk/QRadar platforms and supporting components.
Perform regular system backups and contribute to disaster recovery (DR) planning and testing.
Maintain architecture diagrams, deployment documentation, and configuration baselines.
Assist in generating compliance and audit reports (e.g., DESC, ISO 27001, NESA).

Requirements:

Bachelor's degree in Computer Science, Information Security, or a related field.
3–5 years of experience as a SIEM Administrator or SIEM Engineer.
Proven hands-on experience with both Splunk and QRadar in enterprise or SOC environments.
Strong knowledge of syslog, regex, JSON/XML, APIs, and log formats.
Familiarity with Splunk components (Indexer, Search Head, Heavy Forwarder, UF, ES) and QRadar components (Console, Event Collector, Event Processor).
Experience with Windows/Linux systems, scripting (Python, Bash, PowerShell), and networking fundamentals.
Understanding of MITRE ATT&CK, threat detection principles, and cyber kill chain.
Splunk Certified Admin / Architect
IBM QRadar Certified Deployment Professional
CompTIA Security+, GSEC, or other relevant certs