
G42
Lead SOC Engineer (SIEM & SOAR)
- Permanent
- Abu Dhabi, United Arab Emirates
- Experience 5 - 10 yrs
Job expiry date: 28/12/2025
Job overview
Date posted
13/11/2025
Location
Abu Dhabi, United Arab Emirates
Salary
AED 30,000 - 40,000 per month
Compensation
Comprehensive package + relocation
Experience
5 - 10 yrs
Seniority
Senior & Lead
Qualification
Bachelor's degree
Expiration date
28/12/2025
Job description
The Lead SOC Engineer (SIEM & SOAR) at CPX is a senior technical leadership role responsible for managing and optimizing the organization's Splunk-based SIEM and SOAR infrastructure. The position plays a key role in ensuring high-quality security event management, automation, and response capabilities within the Security Operations Center (SOC). The role involves working closely with internal teams, clients, and stakeholders to onboard new log sources, enhance telemetry, and design efficient automated playbooks that improve incident response times. The Lead SOC Engineer will also be responsible for ensuring system stability, performance, and compliance with cybersecurity best practices while mentoring junior SOC staff and contributing to long-term architectural improvements.
Required skills
Key responsibilities
- Deliver and maintain Splunk SIEM and SOAR management services across the SOC environment
- Lead the onboarding, normalization, and optimization of log sources to enhance telemetry and visibility
- Design, implement, and maintain automation playbooks in SOAR platforms such as Splunk SOAR, Cortex XSOAR, or FortiSOAR
- Integrate SIEM/SOAR with ticketing, threat intelligence, and endpoint detection tools to streamline incident response
- Monitor system health, perform upgrades, and troubleshoot performance or data ingestion issues within the Splunk ecosystem
- Ensure data normalization and CIM (Common Information Model) compliance for effective correlation and reporting
- Collaborate with SOC analysts, incident responders, and client stakeholders to resolve technical and operational issues
- Enhance detection capabilities using advanced search queries, dashboards, and correlation rules in Splunk SPL
- Develop and maintain standard operating procedures (SOPs) and technical documentation for SOC operations
- Contribute to SOC architecture strategy, security automation initiatives, and technology roadmap development
- Mentor and train junior SOC engineers to build technical and operational proficiency within the team
- Prepare and deliver operational and performance reports to management and stakeholders
Experience & skills
- Minimum of 8 years of experience in SOC operations or cybersecurity engineering, with significant exposure to Splunk SIEM and SOAR management
- Proficiency with Splunk administration, SPL query design, data normalization, and CIM mapping
- Hands-on experience designing and implementing automation playbooks in SOAR platforms (Splunk SOAR, Cortex XSOAR, or FortiSOAR)
- Strong understanding of SOC operations, MITRE ATT&CK framework, and threat detection methodologies
- Ability to troubleshoot and optimize log source onboarding across cloud, network, and endpoint environments
- Strong scripting ability, particularly in Python, for automation and system integration tasks
- Excellent communication and documentation skills with proven ability to collaborate across teams and clients
- Cloud certifications such as AWS, Azure, or Google Cloud Architect are preferred
- Security certifications such as Splunk Certified Architect, CISSP, GIAC, or equivalent are highly desirable
- Networking certifications (CCNA, CCNP) are an advantage