SOC Engineer - Splunk | Cribl - SC Cleared

Freelance | £39,600 - £55,000 / year (est.) | Home office (partial)
Layer7

At a Glance

  • Tasks: Design and optimise security data pipelines using Cribl and Splunk for a UK public sector SOC.
  • Company: Join a leading tech firm focused on enhancing cybersecurity in the public sector.
  • Benefits: Competitive daily rate, hybrid work model, and opportunities for professional growth.
  • Other info: Initial 6-month contract with potential for extension and excellent career development.
  • Why this job: Make a real impact on national security while working with cutting-edge technologies.
  • Qualifications: Experience in SOC engineering, Cribl, and Splunk is essential.

The predicted salary is between £39,600 and £55,000 per year.

Location: London (Hybrid - 2 days per week onsite)

Work Pattern: Hybrid - 2 days per week onsite in London

Duration: 6 months initially

Rate: £550 per day

IR35 Status: Outside IR35

Clearance: Active SC Clearance

Overview

This is an Outside IR35 contract - a genuinely attractive opportunity offering strong take-home pay for a specialist SOC Engineer with deep Splunk and Cribl expertise. We are seeking a SOC Engineer to design, build and optimise the security data pipeline underpinning a UK public sector Security Operations Centre. This is a hands-on engineering role centred on Cribl Stream and Splunk Enterprise Security: you will own end-to-end log onboarding, shape and route telemetry through Cribl, and ensure high-quality, normalised data lands in Splunk to drive reliable detection. Working alongside SOC analysts and wider engineering teams, you will improve detection coverage, control ingest cost, and support secure-by-design delivery within a complex, regulated government environment.

Key Responsibilities

  • Design, build and administer Cribl Stream pipelines, routes, packs and worker groups to filter, enrich, route and redact security telemetry before ingestion
  • Own end-to-end log onboarding across cloud (AWS, Azure, M365) and on-premises sources, including parsing, normalisation and Splunk Common Information Model (CIM) mapping
  • Optimise Splunk ingest volume and licence cost by strategically filtering, sampling and summarising data within Cribl
  • Administer and tune Splunk Enterprise Security (ES) in a distributed deployment, including index-time processing, props/transforms and search performance
  • Develop and maintain correlation searches, notable events, Risk-Based Alerting (RBA) and dashboards to improve detection coverage
  • Work with SOC analysts to translate detection requirements into reliable data sources, use cases and tuned alerts
  • Build and maintain data onboarding as code, applying GitOps and CI/CD practices for repeatable, controlled change
  • Troubleshoot data quality, latency and pipeline issues across the Cribl and Splunk estate
  • Document data flows, onboarding standards and engineering runbooks
  • Contribute to secure-by-design delivery and to outcomes under the NCSC Cyber Assessment Framework (CAF)

Essential Skills

  • Strong commercial experience as a SOC/Security Engineer building and operating SIEM data pipelines
  • Hands-on Cribl Stream experience - designing and managing routes, pipelines, packs and worker groups for log routing, enrichment and reduction
  • Deep Splunk experience, including Enterprise Security (ES) administration in distributed environments
  • Strong SPL, data models, dashboards and search optimisation skills
  • Expertise in data onboarding, parsing, index-time processing, normalisation and CIM mapping (props/transforms)
  • Experience reducing Splunk ingest volume and licence cost through telemetry pipeline optimisation
  • Log onboarding from cloud (AWS, Azure, M365) and on-premises systems
  • Scripting in Python or PowerShell for data manipulation and API interaction
  • Working knowledge of Linux (RHEL) and Windows administration
  • Active SC Clearance

Nice To Have

  • Cribl certification, or experience with Cribl Edge and Cribl Search
  • Splunk certifications (e.g. Splunk Enterprise Security Certified Admin)
  • Experience with GitOps and CI/CD tooling for detection and onboarding as code
  • Exposure to detection engineering and MITRE ATT&CK-aligned content development
  • Experience operating within NCSC CAF/GovAssure or similarly regulated public sector environments

SOC Engineer - Splunk | Cribl - SC Cleared - Employer: Layer7

Join a forward-thinking organisation that values innovation and expertise, offering SOC Engineers the chance to work on critical projects within the UK public sector. With a hybrid work model based in London, employees benefit from a collaborative culture that encourages professional growth and development, alongside competitive pay and the opportunity to make a meaningful impact in cybersecurity. This role not only provides a platform for technical excellence but also fosters a supportive environment where your contributions are recognised and valued.

Layer7

Contact Details:

Layer7 Recruitment Team

StudySmarter Expert Advice 🤫

We think this is how you could land SOC Engineer - Splunk | Cribl - SC Cleared

Get Active on Cybersecurity Forums

Join platforms like Stack Exchange and Reddit’s r/cybersecurity to hang out with industry pros, learn the latest, and share your insights. This will not only boost your visibility but also help you connect with potential clients who might need your freelance services.

Show Off Your Skills with Public Projects

Create a few open-source projects or contribute to existing ones that showcase your cybersecurity skills. Use GitHub to display your work, as this is an excellent way to attract clients looking for freelancers with a proven track record.

Attend Local Conferences and Meetups

Make sure to hit up cybersecurity meetups, workshops, and conferences in your area. These events are goldmines for networking, and you’ll often find people looking for freelancers after a chat over a coffee – so come prepared with your business cards and a killer elevator pitch!

Market Yourself Smartly

Set up a professional website that showcases your portfolio, expertise, and client testimonials. Optimise it for SEO with relevant keywords so potential clients searching for cybersecurity freelancers can easily find you. Don’t forget to link to your site on all your social media and profiles!

We think you need these skills to ace SOC Engineer - Splunk | Cribl - SC Cleared

  • Cribl Stream
  • Splunk Enterprise Security
  • Log Onboarding
  • Data Pipeline Optimisation
  • SPL (Search Processing Language)
  • Data Models
  • Dashboard Development

Some tips for your application 🫡

Show Your Skills Through a Strong Portfolio: Since you're applying for a freelance role in cybersecurity, it's crucial to showcase your technical skills through a detailed portfolio. Include case studies of projects you've worked on, any security tools you've developed or assessed, and specifics on the methodologies you've used. This will help Layer7 understand what you're capable of.

Certifications Matter! Make sure to list any relevant certifications you hold, such as CISSP, CEH, or CompTIA Security+. Freelance clients often value these credentials as they reflect your expertise and commitment to the field. If you're actively pursuing more certifications, don't hesitate to mention that too!

Rates, Availability, and Your Work Style: In your application, it's essential to be clear about your freelance rates and availability. Clients appreciate transparency. Mention how many hours a week you can dedicate and your preferred working hours, as this sets expectations from the start and shows you're organised and professional.

Tailor Your CV to Highlight Cybersecurity Experience: When crafting your CV, make sure to tailor it specifically to cybersecurity. Highlight projects, tasks, and achievements related to security assessments, vulnerabilities you've mitigated, or compliance work you've undertaken. Keywords relevant to the job can grab attention and increase your chances of landing a spot at Layer7.

How to prepare for a job interview at Layer7

Showcase Your Cybersecurity Skills

As a freelancer in cybersecurity, it’s crucial we demonstrate not just our knowledge but our practical skills too. Be ready to discuss specific tools you’ve used, like Wireshark or Metasploit, and share relevant experiences where you identified vulnerabilities or mitigated risks in past projects.

Prepare Your Portfolio

Unlike traditional roles, freelancing relies heavily on your portfolio. Let’s curate a selection of past work that showcases our best projects. If we’ve handled penetration tests, audits, or incident responses, be sure to highlight these in your portfolio, and share any client testimonials if we have them.

Stay Updated on Trends and Tools

Cybersecurity is an ever-evolving field, so we should be prepared to chat about recent developments and how they impact our work. Familiarise ourselves with the latest threats, tools, and frameworks, like MITRE ATT&CK, that are pertinent to the projects we’re pitching.

Pitching Your Value as a Freelancer

When freelancing, we often need to negotiate our rates and value propositions. Be ready to explain how our skills can help Layer7 protect their assets and manage risks. It can help to outline some potential strategies or improvements we could implement for them based on their current setup.