SIEM Architect

We are looking for an experienced SIEM Engineer / Architect to design, deploy, and optimize enterprise-scale SIEM platforms within a modern Security Operations Centre (SOC). This role is suited to individuals who have end-to-end experience architecting and implementing SIEM solutions, rather than those limited to day-to-day alert handling or basic configuration. You will play a key role in shaping SOC architecture, ensuring high-quality log ingestion, detection engineering, and alignment to operational security requirements.

Location: Riyadh, Saudi Arabia (On-site)
Work Conditions: Contract, On-site

Key Responsibilities:

• Design, architect, and deploy centralized SIEM solutions for complex enterprise environments.
• Lead full SIEM implementations, including:
  • Log source onboarding (apps, endpoints, network, cloud, identity)
  • Data normalization and parsing
  • Use-case design and alert strategy
• Ensure SIEM platforms provide meaningful, high-fidelity security analytics rather than noise.
• Work closely with SOC teams to align SIEM capabilities with detection, response, and escalation processes.
• Collaborate with stakeholders across IT, infrastructure, cloud, and security engineering.
• Provide guidance on SIEM best practices, scalability, and performance optimization.
• Support the integration of SIEM solutions into wider SOC architecture, tooling, and workflows.

Required Experience & Skills:

• Proven experience designing, architecting, and fully deploying SIEM platforms (not limited to "click-through" configuration).
• Strong hands-on experience with one or more enterprise SIEM technologies, including:
  • Splunk
  • IBM QRadar
  • LogRhythm
  • ArcSight
• Strong understanding of SOC architecture, including:
  • Log pipelines
  • Detection workflows
  • Triage and escalation models
• Experience working with logs from applications, infrastructure, security devices, and user activity.
• Ability to translate business and security requirements into technical SIEM designs.