Splunk Certified Architect

Job Title: Splunk Certified Architect

Location: Dubai, United Arab Emirates / Muscat, Oman

Experience: Minimum 5 years

Job Type: Full-time

Salary: Competitive, based on experience

Job Summary

We are seeking a highly skilled Splunk Architect with a minimum of 5 years of experience to design, deploy, and optimize end-to-end Splunk implementations, including both Security (SIEM) and/or Observability use cases. The ideal candidate will have hands-on experience with large-scale, production-grade Splunk rollouts (including turnkey implementations) and possess excellent communication and documentation skills to support enterprise-grade delivery in a fast-paced environment.

Key Responsibilities

Architect and implement Splunk Enterprise and Splunk Cloud solutions across security and observability domains.

Lead turnkey Splunk deployments, including architecture design, indexing strategy, data onboarding, and visualization.

Develop and optimize correlation searches, dashboards, reports, and alerts across IT and security use cases.

Design data ingestion pipelines from various sources: Syslog, APIs, cloud logs, firewalls, applications, etc.

Collaborate with stakeholders across cybersecurity, IT operations, DevOps, and compliance teams.

Translate business and technical requirements into scalable and efficient Splunk architectures.

Deliver high-quality technical documentation, architecture diagrams, SOPs, and handover materials.

Provide technical leadership and mentor junior Splunk engineers and administrators.

Work with SOC/NOC teams to integrate Splunk with SOAR tools, threat intel feeds, and MITRE ATT&CK.

Assist with capacity planning, license optimization, and upgrade/migration planning.

Required Qualifications

Minimum 5 years of hands-on Splunk experience, with 2+ years in an architect-level role

Proven success in turnkey Splunk implementations from planning to go-live

Expertise in both Splunk Enterprise Security (ES) and ITSI/Observability

Strong knowledge of search processing language (SPL) and KV store optimizations

Familiarity with cloud integrations (AWS, Azure, GCP) and hybrid log ingestion

Solid understanding of data modeling, CIM compliance, and security data normalization

Experience integrating with SIEM, SOAR, CMDB, and threat intelligence platforms

Strong documentation skills using Confluence, Markdown, or Visio

Excellent verbal and written communication skills; capable of presenting to business and tech audiences

Preferred Qualifications

Splunk Certifications (Architect, Power User, Admin, ES Implementation)

Familiarity with frameworks like MITRE ATT&CK, NIST, ISO 27001, and ITIL

Experience working with Middle Eastern clients or in multicultural teams