Endpoint, SIEM, Splunk, Log Management & XDR Specialist

We are seeking a skilled Endpoint, SIEM, Splunk, Log Management & XDR Specialist to enhance our Security Operations capabilities in Riyadh, Saudi Arabia. This full-time on-site role focuses on endpoint security, SIEM engineering, threat detection, and incident response using leading XDR and SIEM platforms.

Key Responsibilities:

• Deploy, manage, and maintain XDR and EPP agents across all endpoints and servers.
• Investigate and respond to malware, exploits, and fileless attack incidents.
• Tune security policies to improve detection accuracy and reduce false positives.
• Integrate endpoint telemetry with SIEM and XDR platforms to ensure unified visibility.
• Prepare and present monthly endpoint risk and compliance reports.
• Design, deploy, and manage Splunk SIEM architecture, including indexers, forwarders, and syslog collectors.
• Integrate logs from firewalls, endpoints, NDR, DLP, WAF, SOAR, cloud, and SaaS platforms into a centralized SIEM.
• Develop custom detection rules, dashboards, and correlation searches to identify potential threats.
• Optimize syslog parsing, field extraction, and indexing to ensure performance and cost efficiency.
• Collaborate with Threat Intelligence and SOAR teams to automate incident response workflows.
• Manage log retention policies to meet compliance requirements (e.g., NCA, PCI DSS, GDPR).
• Deliver weekly security dashboards and monthly SIEM health and detection performance reports.

Technology Stack:

• XDR/EPP: Palo Alto Cortex XDR, Kaspersky EPP
• SIEM: Splunk
• Security Platforms: Firewalls, NDR, DLP, WAF, SOAR
• Compliance Frameworks: NCA, PCI DSS, GDPR