About this Senior Specialist Cybersecurity Production role at TAWANTECH
· Provide end-to-end production support for cybersecurity platforms including Splunk (SIEM), SOAR, and VPN
infrastructure ensuring high availability and service reliability.
· Monitor security platforms, dashboards, and alerts to ensure continuous operational effectiveness and
proactive issue detection.
· Manage Incident, Problem, and Change processes in accordance with ITIL standards, ensuring timely
resolution and proper escalation.
· Perform root cause analysis (RCA) for system outages, performance degradation, and security incidents,
ensuring corrective and preventive actions are implemented.
· Administer and support Splunk use cases, correlation rules, log ingestion pipelines, and performance
optimization.
· Operate and maintain SOAR playbooks, workflows, and automation scripts to enhance incident response and
reduce manual intervention.
· Support VPN technologies including secure remote access, site-to-site connectivity, authentication
mechanisms, and encryption protocols.
· Ensure compliance with SAMA Cybersecurity Framework, NCA ECC, PDPL, and NDMO data governance
and classification requirements.
· Execute Disaster Recovery (DR) and Business Continuity Plan (BCP) activities including regular testing,
failover validation, and documentation updates.
· Collaborate with internal security teams, infrastructure teams, and external vendors for issue resolution,
patching, upgrades, and system enhancements.
· Maintain operational documentation including runbooks, SOPs, playbooks, system configurations, and
knowledge base articles.
· Implement monitoring, alert tuning, and automation to improve detection accuracy, reduce false positives, and
increase operational efficiency.
· Track KPIs, SLAs, and system performance metrics for cybersecurity platforms and produce operational
reports.
Requirements
· Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related field.
· 4–8 years of experience in cybersecurity production support within banking or financial services environments.
· Hands-on experience with Splunk (Enterprise / ES), SOAR platforms (e.g., Cortex XSOAR, Splunk SOAR), and VPN solutions (e.g., IPSec, SSL VPN). · Strong understanding of SIEM use cases, log management, threat detection, and incident response workflows. · Experience with ITIL processes including Incident, Problem, and Change Management. · Exposure to SAMA regulations, NCA ECC controls, PDPL, and NDMO data governance frameworks. · Experience working with vendors and managed service providers for cybersecurity tools and platforms. · Familiarity with DR/BCP planning, execution, and audit requirements. · Basic scripting or automation knowledge (Python, PowerShell, or similar) is preferred.