L2 Security Analyst (Splunk & Google Technologies)

📌 𝗗𝗲𝘀𝗰𝗿𝗶𝗽𝘁𝗶𝗼𝗻:

We are seeking a highly skilled L2 Security Analyst to join our Security Operations Center (SOC) team, deployed at Ooredoo's headquarters in Doha. In this role, you will be a key player in defending against sophisticated cyber threats within a cutting-edge hybrid environment. You will serve as the primary technical escalation point for L1 analysts, leveraging your deep expertise in Splunk Enterprise Security and Google Cloud security technologies like Chronicle and Security Command Center. Your responsibilities will include advanced incident investigation, proactive threat hunting, and engineering robust detection mechanisms. This position is crucial for enhancing our operational resilience by improving detection logic, automating response actions, and ensuring rapid containment of security incidents. You will collaborate closely with various security teams to strengthen Ooredoo's overall security posture.

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

🎯 𝗥𝗲𝗾𝘂𝗶𝗿𝗲𝗺𝗲𝗻𝘁𝘀:

▸ Strong hands-on experience with Splunk Enterprise Security (ES), including creating advanced SPL queries and custom correlation searches.

▸ Demonstrated expertise in Google Chronicle SIEM for threat hunting and Google Cloud Security Command Center (SCC) for incident analysis.

▸ Proficiency with Endpoint Detection and Response (EDR) tools such as Trellix EDR and Microsoft Defender for Endpoint.

▸ Solid understanding of network protocols, firewalls, IDS/IPS, endpoint logs, and authentication systems.

▸ Proven ability to conduct root-cause analysis by correlating data from multiple security sources (SIEM, EDR, Cloud).

▸ Experience in developing custom detection rules and use cases mapped to the MITRE ATT&CK framework.

▸ Working knowledge of scripting languages like Python, PowerShell, or Bash for security automation and data manipulation.

▸ Experience with BigQuery for analyzing large-scale security datasets.

✨ 𝗗𝗲𝘀𝗶𝗿𝗮𝗯𝗹𝗲𝘀:

▸ Professional certifications such as Splunk Certified Power User/Admin, Google Cloud Certified Security Engineer, GCIH, or CEH.

▸ Bachelor’s degree in Computer Science, Information Security, or a related discipline.

▸ Experience with Security Orchestration, Automation, and Response (SOAR) platforms, particularly Splunk Phantom.

▸ Familiarity with compliance frameworks like ISO 27001, QCB, or NIA.

▸ Previous experience in mentoring junior security analysts.