We are looking for an experienced Splunk Engineer to lead the design, deployment and optimisation of enterprise‑scale security monitoring platforms. This hands‑on technical role is suited to someone with strong Splunk Enterprise and Splunk Enterprise Security experience, who can take ownership of platform engineering, data ingestion, detection content and performance tuning across complex client environments. The role offers the chance to broaden your capability and gain deeper experience in Elastic Security, with support and training available to help build your expertise further.
What you will be doing:
* Lead the deployment, management and optimisation of Splunk Enterprise and Splunk ES platforms in large, complex environments.
* Design, implement and maintain data pipelines, including log ingestion, enrichment and schema standardisation.
* Develop and tune security detection content, translating threat intelligence and TTPs aligned to MITRE ATT&CK into actionable, high‑value alerts.
* Manage the full detection content lifecycle: design, test, deploy, monitor, tune and retire, using version control and rollback processes.
* Automate workflows and platform configurations using CI/CD, SOAR, scripting and Infrastructure as Code tools such as Terraform and Ansible.
* Ensure platform performance, stability and resilience through capacity planning, high availability, disaster recovery and proactive monitoring.
* Provide technical leadership and guidance to internal teams and clients on security monitoring strategy and best practice.
What you will bring:
* Proven experience deploying and managing Splunk at enterprise scale.
* Strong hands‑on knowledge of SIEM engineering, including indexing, parsing, onboarding and performance tuning.
* Experience designing and optimising detection content, including MITRE ATT&CK‑aligned use cases and alert tuning to reduce noise.
* Good understanding of data pipeline engineering, log enrichment, data quality and large‑scale ingestion architectures.
* Strong knowledge of SPL; experience with KQL and EQL would be beneficial, but is not essential.
* Experience with automation and Infrastructure‑as‑Code within security monitoring or SIEM environments.
* Solid understanding of SIEM platform operations, including clustering, scaling, high availability, disaster recovery and performance optimisation.
* Strong problem‑solving skills and a proactive approach to improving security operations.
* An interest in developing expertise in Elastic Security, with support and training available as part of the role.
If you are interested in this role but not sure if your skills and experience are exactly what we are looking for, please do apply – we’d love to hear from you.
Employment Details
Employment type: Full‑time, Permanent.
Location: Hemel Hempstead.
Security clearance level: DV cleared.
Internal recruiter: Jane.
Salary: Competitive, depending on experience.
Benefits
£5,400 Car Allowance, 25 days annual leave with the option to buy additional days, private health care, life assurance, pension, and a generous flexible benefits fund.
We are an equal opportunity employer committed to diversity and inclusion.