[5800A] Support in SIEM (Splunk) software administration

Start date: April 2026
Clearance: NATO Secret or equivalent
Location: Mons, Belgium

Skills
- Management of Splunk components deployed within 50+ T3 enclaves across high-side and low-side networks
- Operation and maintenance of a T2 SIEM environment composed of 80+ Linux servers (virtual and physical)
- Splunk Enterprise
- Splunk Enterprise Security
- Splunk SOAR
- Splunk UBA
- Management of Splunk deployments across more than 350 servers spanning T2 and T3 environments
- Implementation and operation of fully automated deployment and configuration mechanisms based on Ansible and Git.

4.2 Log Collection and Data Management
- Collection of logs from more than 20,000 endpoints, appliances, and cloud-based solutions
- Data collection and ingestion
- Parsing and normalization
- Storage and retention
- Categorization and enrichment
- Monitoring of data flows and data quality
- Project-driven onboarding
- Continuous log collection improvements
- Customer-driven requests
- Acting as the technical point of contact for log collection setup
- Supporting customers during the configuration of endpoints, appliances, and other log sources
- Ensuring proper follow-up with customers until log sources are correctly configured and successfully integrated into the Splunk platform
- Clarifying that endpoints, appliances, and other log sources are configured by the customer, with technical guidance and support provided by the SIEM engineer

4.3 Platform Configuration and System-Level Support
- Configuration and management of Splunk components hosted on Linux servers within T2 and T3 environments
- Syslog server configuration
- SELinux configuration
- Other OS-level configurations necessary for proper Splunk operation
- Coordination with the entity responsible for Linux operating system management where responsibilities overlap.

4.4 SIEM Reliability and Operational Quality
- Ensuring that Splunk Enterprise Security is properly configured, operational, and functioning as intended.
- Verification that correlation rules are correctly deployed and operate reliably
- Ensuring the overall quality, stability, and reliability of SIEM services delivered to security analysts
- Continuous monitoring of platform health and service performance.

4.5 Continuous Improvement and Operational Support
- Ongoing maintenance and optimization of SIEM and log collection services
- Support for continuous improvements in log coverage, data quality, and platform efficiency
• The Purchaser will support the Contractor's personnel with access to the IT systems as required. The Contractor shall submit requests for change of Contractor's personnel at least 45 days in advance
• The Contractor shall handle the Purchaser's furnished equipment (PFE) with due care
• The Contractor shall install and operate the equipment following the manufacturer's requirements.
• The Contractor shall minimize the impact to the end users during the execution of the work
• The Contractor shall bring immediately to the attention of the Purchaser Point of Contact on-site any issues preventing the execution of the work
• The Contractor's personnel will report to and receive guidance from Purchaser Point of Contact on-site, Team Head and Service Delivery Manager
• The Contractor's personnel shall follow local procedures to obtain physical unescorted access to the SHAPE facilities and logical access to the networks and systems in scope
• The Contractor's personnel shall liaise with other Purchasers' support teams as necessary
• The Contractor's personnel shall use the Purchaser Information Technology Service

Contract
Belgium
Negotiable
GPC005800
Chaitra Katkar
chaitra@gpc.work
442031545032