Engineer - Splunk in City of Westminster

We are seeking an experienced Splunk Engineer to help design, build, and manage our Splunk SOAR service, with a strong focus on automation, security response, and service maturity. This role will be responsible for developing, reviewing, testing, and deploying Splunk SOAR playbooks into production environments, ensuring they are secure, reliable, and aligned with security governance and operational needs. The role requires a technically strong Splunk engineer with experience in SOAR development, Splunk architecture, and security engineering best practices. You will work closely with SOC teams, security engineers, and customers, owning your own workload and providing high‑quality delivery in a customer‑facing environment. Experience with AI‑enabled SOC capabilities, AI security tools, or AI‑assisted development is a strong advantage as we continue to evolve our automation and detection capabilities.

Key Responsibilities

• Own the build, operation, and continuous improvement of the Splunk SOAR service.
• Design, develop, review, and maintain Splunk SOAR playbooks to support security detection, investigation, and response.
• Translate security use cases, incidents, and operational requirements into effective automated workflows.
• Test SOAR playbooks thoroughly and manage controlled deployment into production environments.
• Ensure playbooks and integrations follow security engineering best practices and governance requirements.
• Work closely with SOC analysts, security engineering teams, and stakeholders to optimise automation outcomes.
• Perform playbook tuning, troubleshooting, and enhancements to improve reliability and response times.
• Maintain clear technical documentation for playbooks, integrations, and processes.
• Support live security operations where SOAR automation is involved.
• Manage your own queue of work, prioritising tasks and communicating progress effectively.
• Engage directly with customers, providing technical guidance, support, and assurance.

Skills, Knowledge & Expertise

• Proven experience as a Splunk Engineer, Splunk SOAR Engineer, or similar security automation role.
• Strong hands‑on experience developing and managing Splunk SOAR playbooks.
• Solid understanding of Splunk platform architecture, including: Search heads, indexers, forwarders, data ingestion and performance considerations.
• Strong experience using Splunk SPL (Search Processing Language).
• Experience integrating Splunk SOAR with security tools such as SIEM, IAM, EDR, firewalls, and ticketing platforms.
• Strong understanding of security engineering best practices, including incident response and automation safety.
• Good understanding of security governance, policies, and control frameworks.
• General understanding of software development practices, including version control systems (e.g. Git), code review and release controls, familiarity with CI/CD pipelines and deployment workflows.
• Ability to work independently and take ownership of delivery and outcomes.

Desirable / Nice‑to‑Have Skills

• Practical knowledge of Python, particularly for playbook actions, scripting, or custom integrations.
• Experience working with AWS and/or Azure environments.
• Understanding of cloud security principles and services.
• Knowledge of security engineering controls, particularly identity and access management (IAM).
• Experience working with APIs, webhooks, and automation integrations.
• Familiarity with AI‑driven SOC capabilities, such as AI‑assisted alert triage or incident enrichment, use of AI within detection and response workflows, experience using AI security coding tools or AI‑assisted development tools.
• Exposure to infrastructure automation or infrastructure‑as‑code concepts.
• Experience supporting managed security services or customer‑facing security platforms.

Personal Attributes

• Strong customer‑facing skills, able to communicate clearly and confidently with technical and non‑technical audiences.
• Highly organised, with the ability to manage your own workload and priorities effectively.
• Analytical and methodical approach to problem‑solving and automation design.
• Proactive mindset with a focus on continuous improvement.
• Comfortable operating in fast‑paced, security‑critical environments.
• Collaborative team player with a strong sense of ownership and accountability.

Job Benefits

• Flexible Working: Balance your work and personal life with our flexible working options.
• Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
• Medicash & Critical Illness Scheme Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
• Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
• Green Car Scheme: Drive green and save money with our eco‑friendly car scheme.
• Cycle Scheme: Stay fit and healthy with our cycle‑to‑work scheme.
• Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
• Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.