SOC Engineer - Splunk | Cribl - SC Cleared in London

London | Temporary | £55,000 - £65,000 / year (est.) | Home office (partial)
Layer7

At a Glance

  • Tasks: Design and optimise security data pipelines using Cribl and Splunk for a UK public sector SOC.
  • Company: Join a leading tech firm focused on cybersecurity in a collaborative environment.
  • Benefits: Earn £550 per day, enjoy hybrid work, and gain valuable experience in a regulated setting.
  • Other info: Initial 6-month contract with excellent career growth opportunities.
  • Why this job: Make a real impact in cybersecurity while working with cutting-edge technologies.
  • Qualifications: Experience in SOC engineering, Cribl, and Splunk is essential.

The predicted salary is between £55,000 and £65,000 per year.

Location: London (Hybrid - 2 days per week onsite)

Work Pattern: Hybrid - 2 days per week onsite in London

Duration: 6 months initially

Rate: £550 per day

IR35 Status: Outside IR35

Clearance: Active SC Clearance

Overview

This is an Outside IR35 contract - a genuinely attractive opportunity offering strong take-home pay for a specialist SOC Engineer with deep Splunk and Cribl expertise. We are seeking an SOC Engineer to design, build and optimise the security data pipeline underpinning a UK public sector Security Operations Centre. This is a hands-on engineering role centred on Cribl Stream and Splunk Enterprise Security: you will own end-to-end log onboarding, shape and route telemetry through Cribl, and ensure high-quality, normalised data lands in Splunk to drive reliable detection. Working alongside SOC analysts and wider engineering teams, you will improve detection coverage, control ingest cost, and support secure-by-design delivery within a complex, regulated government environment.

Key Responsibilities

  • Design, build and administer Cribl Stream pipelines, routes, packs and worker groups to filter, enrich, route and redact security telemetry before ingestion
  • Own end-to-end log onboarding across cloud (AWS, Azure, M365) and on-premises sources, including parsing, normalisation and Splunk Common Information Model (CIM) mapping
  • Optimise Splunk ingest volume and licence cost by strategically filtering, sampling and summarising data within Cribl
  • Administer and tune Splunk Enterprise Security (ES) in a distributed deployment, including index-time processing, props/transforms and search performance
  • Develop and maintain correlation searches, notable events, Risk-Based Alerting (RBA) and dashboards to improve detection coverage
  • Work with SOC analysts to translate detection requirements into reliable data sources, use cases and tuned alerts
  • Build and maintain data onboarding as code, applying GitOps and CI/CD practices for repeatable, controlled change
  • Troubleshoot data quality, latency and pipeline issues across the Cribl and Splunk estate
  • Document data flows, onboarding standards and engineering runbooks
  • Contribute to secure-by-design delivery and to outcomes under the NCSC Cyber Assessment Framework (CAF)

Essential Skills

  • Strong commercial experience as a SOC/Security Engineer building and operating SIEM data pipelines
  • Hands-on Cribl Stream experience - designing and managing routes, pipelines, packs and worker groups for log routing, enrichment and reduction
  • Deep Splunk experience, including Enterprise Security (ES) administration in distributed environments
  • Strong SPL, data models, dashboards and search optimisation skills
  • Expertise in data onboarding, parsing, index-time processing, normalisation and CIM mapping (props/transforms)
  • Experience reducing Splunk ingest volume and licence cost through telemetry pipeline optimisation
  • Log onboarding from cloud (AWS, Azure, M365) and on-premises systems
  • Scripting in Python or PowerShell for data manipulation and API interaction
  • Working knowledge of Linux (RHEL) and Windows administration
  • Active SC Clearance

Nice To Have

  • Cribl certification, or experience with Cribl Edge and Cribl Search
  • Splunk certifications (e.g. Splunk Enterprise Security Certified Admin)
  • Experience with GitOps and CI/CD tooling for detection and onboarding as code
  • Exposure to detection engineering and MITRE ATT&CK-aligned content development
  • Experience operating within NCSC CAF/GovAssure or similarly regulated public sector environments

SOC Engineer - Splunk | Cribl - SC Cleared in London employer: Layer7

Join a forward-thinking organisation that values innovation and expertise, offering SOC Engineers the chance to work on critical projects within the UK public sector. With a hybrid work model in London, employees enjoy a collaborative culture that fosters professional growth through hands-on experience with cutting-edge technologies like Splunk and Cribl. The company prioritises employee well-being and development, ensuring a rewarding environment for those looking to make a meaningful impact in cybersecurity.

Layer7

Contact Details:

Layer7 Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land SOC Engineer - Splunk | Cribl - SC Cleared in London

Get Engaged in Cybersecurity Communities

Dive into online forums or local meetups, like OWASP events or cybersecurity conferences. These spaces are packed with pros who can share insights and might even know about temporary roles at places like Layer7.

Showcase Your Skills Publicly

Link your GitHub or create a series of blogs sharing your knowledge on cybersecurity topics. It’s a great way to demonstrate your expertise and attract attention from hiring managers, especially when they see your passion in action.

Stay On Top of Temp Opportunities

Keep an eye on platforms that list temporary positions specifically in tech. Websites focusing on contract roles in cybersecurity can lead straight to employers like Layer7.

Make Contact with Recruiters Specialising in Cybersecurity

Reach out to recruitment agencies that focus on cybersecurity roles. They often have insights into temporary roles before they’re advertised and can put your name forward to companies like Layer7.

We think you need these skills to ace SOC Engineer - Splunk | Cribl - SC Cleared in London

SOC Engineering
Splunk
Cribl Stream
Log Onboarding
Data Pipeline Optimisation
SPL (Search Processing Language)
Data Models

Some tips for your application 🫡

Show Off Your Technical Skills: In cybersecurity, it's vital to highlight your skills with relevant tools and technologies. Make sure your CV showcases your experience with firewalls, intrusion detection systems, and any cybersecurity frameworks you've worked with. This gives Layer7 a clear view of your capabilities right off the bat.

Certifications Matter: If you’ve got any cybersecurity certifications, like CompTIA Security+ or CISSP, flaunt them! These not only validate your skills but also show that you’re committed to the field. Add a section to your CV specifically for this, because in a temporary role like this, those credentials can really set you apart.

Tailor Your Cover Letter to the Role: For a temporary position, we want to see your willingness to learn and adapt quickly. Make your cover letter specific to the role at Layer7; mention why you’re excited about the opportunity and how it fits your career goals. A personal touch can make a big difference!

Don’t Forget the Soft Skills: In cybersecurity, technical skills are crucial, but so are soft skills like teamwork and communication. Make sure to weave examples of how you've collaborated with teams or communicated complex ideas into your application. This shows that you're not just a tech whizz but also a great team player, perfect for a temporary role at Layer7.

How to prepare for a job interview at Layer7

Brush Up on Technical Skills

Make sure you’re familiar with the latest cybersecurity tools and techniques, like firewalls, intrusion detection systems, and malware analysis. During the interview with Layer7 for the SOC Engineer - Splunk | Cribl - SC Cleared, be prepared to discuss specific scenarios where you tackled security threats or vulnerabilities.

Show Your Problem-Solving Prowess

Cybersecurity is all about thinking on your feet. Expect technical questions that require you to demonstrate your problem-solving abilities. You might be presented with a mock security breach scenario, so practising your responses to potential threats can be a game changer!

Demonstrate Your Adaptability

As this is a temporary role, showing that you're adaptable and quick to learn is crucial. Talk about times you've picked up new skills or reacted to changing situations quickly. Employers want to know you can hit the ground running and keep things secure during your short stay at Layer7.

Bring Relevant Certifications

If you have any relevant cybersecurity certifications, like CompTIA Security+ or CEH, be sure to mention them. This can really help you stand out during a temporary hiring process, as it showcases your commitment to the field and your readiness to take on the SOC Engineer - Splunk | Cribl - SC Cleared role at Layer7.