Splunk Security Architect

This role is focused on enhancing the performance and maturity of the SIEM platform, particularly Splunk SaaS, within a Cyber Security Operations Centre. The role involves engineering and architectural improvements to simplify complexity, improve automation, and standardise components across environments. Key priorities include advancing data models, aligning use cases with the MITRE ATT&CK framework, and implementing a unified Risk-Based Alerting approach.

Success in this role requires strong SIEM architecture and engineering skills, a proven track record in delivering technology change, and effective communication capabilities. Essential qualifications include deep Splunk SaaS expertise, experience leading SIEM improvements that raise maturity levels, and a full understanding of SIEM convergence and implementation life cycles.

Key accountabilities:

• Produce Architecture diagrams, high level and low-level design documents.
• Configuration of Splunk with use cases in line with CSOC standards.
• Configuration of Splunk as part of onboarding CNI and all other systems.
• Configuration of all infrastructure including AWS - EC2, S3 buckets, SQS queues etc.
• Attend technical workshops, represent the project at key meetings such as the ADF, TDAs etc.
• Represent the project across all technical discussions relating to Splunk, Onboarding, SOAR, Attack Analyzer etc.

Key requirements:

• SIEM Engineering and Architecture skills, specifically in Splunk SaaS.
• Full end to end experience of delivery life cycle experience for improvements to Splunk SaaS.
• Experience of defining improvements within Cyber departments, particularly, SIEM improvements within Cyber Security Operations Centre (CSOC) functions that result in an increase in SIEM Maturity Levels.
• Good communication, reporting, documentation and presentational skills.
• AWS Infrastructure skills for the configuration of EC2 Servers, S3 buckets etc.

Desirable:

• Public Sector experience.
• Experience with wider SIEM Solutions.
• Experience with multiple Cyber Security related technologies.

SC highly desirable; candidates with active SC clearance will be fast-tracked.

Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let us know.

If you consider yourself to have a disability or if you are a veteran, and you meet the essential criteria for the role, you will be put forward for the Guaranteed Interview' scheme whereby you will have the opportunity to discuss this role and your suitability with a member of the Sourcing team.

As an Equal Opportunities Employer, we provide the best talent and encourage all applications regardless of background, in line with our commitment to diversity, equality and inclusion.