What you will be doing:
1. Deploy, manage and optimise Elastic Stack (Elastic Security) and Splunk (Enterprise & ES) platforms at scale.
2. Design, implement and maintain data pipelines, including log ingestion, enrichment and schema standardisation (ECS/CIM).
3. Develop and tune security detection rules, translating threat intel and TTPs (MITRE ATT&CK) into actionable, low-noise alerts.
4. Manage the full content lifecycle: design → test → deploy → monitor → tune → retire, with version control and rollback.
5. Automate workflows and configurations using CI/CD, SOAR, scripting and IaC tools (Terraform, Ansible).
6. Ensure platform performance, stability and reliability, including capacity planning, high availability, disaster recovery and proactive monitoring.
What you will bring:
1. Hands-on experience with Elastic Security and Splunk ES, including detection engineering, indexing, parsing and performance tuning.
2. Strong expertise in data pipeline engineering, log enrichment, data quality and large-scale ingestion architectures (ECS/CIM).
3. Proven ability to design, test and optimise detection content, including MITRE ATT&CK-aligned rules and risk-based alerting (RBA).
4. Advanced knowledge of SPL, KQL and EQL, focused on detection quality and noise reduction.
5. Experience with automation and Infrastructure-as-Code in SIEM environments.
6. Deep understanding of SIEM platform operations, including clustering, high availability, disaster recovery, scaling and performance optimisation.
7. Strong problem-solving skills with a proactive approach to improving security operations.
If you are interested in this role but not sure whether your skills and experience are exactly what we're looking for, please do apply; we'd love to hear from you!
Although this role is advertised as full-time, we support different ways of working and can offer a range of flexible working arrangements. So, if you’re interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible.
Employment Type: Full Time, Permanent
Location: Hemel Hempstead ON-SITE
Security Clearance Level: DV Cleared
Internal Recruiter: Lee
Salary: from £65k+ depending on experience and developmental needs
Benefits: £5400 Car Allowance, 25 days annual leave with the option to buy additional days, private health care, life assurance, pension, and generous flexible benefits fund (3% of base salary).