Threat Detection Engineer - Splunk Developer

Location: Brussels
Specialisation: Information Technology
Salary: Negotiable
Reference: BBBH16194_1749654938
Contact: Dhruv Padheriya
Job Title: SIEM Specialist - Splunk Expert
Sector: Financial Sector
Location: Candidate must reside in a country where our client has offices (Belgium, France, the Netherlands). UK-based candidates will only be considered via an accredited umbrella company.

🛑 Important Notes - Please Read Carefully

Do not contact the Hiring Manager directly. Failure to comply will result in disqualification of your candidates.

A minimum of 8 days per month onsite in Belgium is mandatory.

Submit a maximum of 3 CVs per request. Any deviation may result in disqualification.

Include a cover sheet as the first page of each CV with the following information:

Name

Location

Availability

Daily Rate

Confirmation of agreement with 8 days/month onsite in Belgium

📌 Role Overview
As part of the Chief Information Security Office (CISO) division, the SIEM Specialist will be responsible for developing and maintaining Splunk-based threat detection capabilities, with a focus on correlation rule tuning, log source integration, and knowledge object creation. This role also includes technical coaching, process documentation, and coordination of threat detection feature development.

🎯 Key Responsibilities
Capture and define requirements from internal customers for developing and testing threat detection use cases.

Collaborate with the log source onboarding team to ensure correct data mapping in line with Splunk standards.

Develop, tune, and continuously improve correlation rules.

Design and maintain dashboards, reports, alerts, and knowledge objects within Splunk.

Conduct tests and document evidence for correlation search effectiveness.

Create and update procedures, documentation, and process implementations related to SIEM detection logic.

Provide technical coaching and quality assurance to the team.

Identify and address gaps in existing processes and documentation.

Present technical and non-technical content on SIEM and security solutions to diverse audiences.

Act as a subject matter expert in designing, monitoring, and improving SIEM capabilities.

Manage and prioritize a balanced backlog of threat detection improvements and new features.

๐Ÿ› ๏ธ Technical Skills
Proven experience in SIEM use case development and maintenance.

Fluent in Splunk Search Processing Language (SPL).

Deep knowledge of Splunk Enterprise and Splunk Enterprise Security.

Understanding of the Splunk Common Information Model (CIM) and log normalization.

Strong cybersecurity fundamentals (protocols, tools, threat landscapes).

Excellent written and spoken English.

✅ Certifications
Must-have: Splunk Core Certified Power User (Advanced)

Nice to have:

Splunk Certified Developer

Splunk Enterprise Certified Admin

Splunk Enterprise Security Certified Admin

Other relevant security certifications (e.g. CEH, GIAC, CISSP, OSCP)

💼 Soft Skills
Strong analytical and problem-solving mindset, especially under pressure.

Well-organized, accurate, and detail-oriented.

Able to communicate complex topics clearly and confidently.

Fast learner, self-motivated, and adaptable.

Client-oriented, delivery-driven, and team-focused.

Strong interpersonal and coordination skills; able to influence across teams and levels.

Capable of working independently and taking initiative.

💻 Remote Work Requirements
A minimum of 8 days per month onsite in the Belgium office is required. The rest of the work can be performed remotely, subject to agreement.