Senior Cyber Security Splunk SME

Full-Time, no home office possible
Bell Integration

Overview

About Us

We’re a rapidly growing, people‑first technology organisation and part of a $1B global service provider delivering end‑to‑end IT Outsourcing (ITO) and Cyber Defence services to clients across the UK and beyond. Our mission is simple: to protect our clients’ digital environments while empowering our people to grow, thrive, and make a difference. We believe our people are the driving force behind our success – their curiosity, collaboration and commitment define who we are.

The Opportunity

We are looking for a skilled Splunk Specialist to deliver end-to-end Splunk engagements, helping clients build and enhance their security monitoring capabilities. You will lead the full project lifecycle, from requirements gathering and stakeholder engagement through to data onboarding, alert development and dashboard creation, ensuring solutions are aligned to both business and security objectives.

You will bring strong hands‑on experience with Splunk Enterprise Security and a proven track record in delivering cybersecurity projects. This includes designing and implementing detection use cases, tuning alerts and developing dashboards that provide clear, actionable insights for security operations teams.

Experience with SOAR and UEBA technologies is advantageous but not essential. This role suits someone who enjoys working in a client‑facing environment, solving complex challenges and contributing to the ongoing evolution of modern Security Operations Centres.

Responsibilities

What You’ll Be Doing

  • Design, build and continuously enhance detection capabilities within Splunk across Linux and Windows environments, including log onboarding, normalisation and enrichment
  • Develop and maintain high‑quality detection content such as correlation searches and risk‑based alerting within Splunk Enterprise Security
  • Write and optimise complex queries to support threat detection, proactive threat hunting and anomaly identification
  • Map detection logic to adversary behaviours using the MITRE ATT&CK Framework, ensuring effective coverage of tactics, techniques and procedures
  • Work with the wider Splunk ecosystem, including tools such as TrackMe, and contribute to automation and orchestration initiatives (including exposure to SOAR where applicable)
  • Leverage scripting languages such as Python and PowerShell to automate detection logic, enrich data and integrate with security workflows
  • Provide mentorship and technical guidance to junior engineers, particularly on Splunk back‑end activities such as data ingestion, parsing, indexing and troubleshooting
  • Collaborate closely with SOC analysts, incident responders and global engineering teams to improve detection and response capabilities
  • Apply strong analytical and problem‑solving skills to translate threat intelligence into actionable detection use cases and continuously improve security operations

Qualifications

What We’re Looking For

Essential

  • Experience working on multiple projects with broad scope, ambiguity and a high degree of difficulty
  • Demonstrable proficiency across a wide range of IT and cybersecurity technologies
  • Strong knowledge of key cybersecurity domains, including Identity and Access Management and Incident Management
  • High‑level analytical ability to solve unusual and complex problems
  • Ability to maintain up‑to‑date working knowledge of cybersecurity principles and best practices
  • Experience in senior stakeholder management and providing clear, relevant management reporting
  • Clear, professional communication – written and verbal
  • Eligibility to work in the UK

Desirable

  • Experience in technology projects such as cyber infrastructure implementation or replacement initiatives
  • Understanding of global program structures, launch plans, timing and ownership
  • Ability to coach and mentor team members through knowledge transfer and constructive feedback

Contact Detail:

Bell Integration Recruiting Team
