We are seeking a highly skilled and experienced SIEM Administrator to join our Cybersecurity team at VaporVM. The ideal candidate will be responsible for the deployment, configuration, optimization, and administration of Security Information and Event Management (SIEM) systems to support threat detection, compliance, and incident response activities. You will play a key role in maintaining and enhancing the organization’s cybersecurity posture across our IT infrastructure.
Key Responsibilities:
- Deploy, configure, manage, and fine-tune SIEM platforms (e.g., Splunk, IBM QRadar, ArcSight, LogRhythm, etc.).
- Onboard log sources, create custom parsers, and configure correlation rules to detect anomalies and threats.
- Perform health checks, maintenance, tuning, and upgrades of SIEM solutions to ensure high availability and performance.
- Develop and maintain documentation for SIEM architecture, use cases, and integration processes.
- Work closely with SOC analysts and incident response teams to refine alerts and enhance detection capabilities.
- Monitor data ingestion from various IT assets (firewalls, endpoints, applications, databases, cloud platforms, etc.).
- Investigate system-generated alerts, validate data integrity, and ensure compliance with security best practices.
- Assist in compliance initiatives (ISO 27001, NCA, SAMA, GDPR, etc.) by generating reports and dashboards as required.
- Collaborate with internal IT and external vendors for troubleshooting and integration of security logs and tools.
- Conduct regular audits and reviews of SIEM effectiveness and security monitoring processes.
Required Skills and Qualifications:
- Bachelor’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
- 4 to 7 years of hands-on experience in SIEM administration and security operations.
- Strong knowledge of log management, event correlation, threat intelligence integration, and alert tuning.
- Proficient in scripting languages such as Python, PowerShell, or Bash for automation and parsing.
- Familiarity with network protocols, firewalls, IDS/IPS, vulnerability scanners, and endpoint security tools.
- Experience working in or supporting Security Operations Centers (SOC).
- Understanding of regulatory compliance frameworks such as NCA ECC, SAMA, ISO 27001, PCI-DSS, etc.
- Industry certifications such as SIEM-specific (Splunk Certified Admin, QRadar Certified Specialist), CEH, or CompTIA Security+ are a plus.
- Strong problem-solving skills and ability to work under pressure in a fast-paced environment.
- Excellent communication and documentation skills in English (Arabic is a plus).
Work Conditions:
Language Requirements:
- Proficient in English (Arabic is a plus).
Location: Riyadh, Saudi Arabia (On-site)
