6 Month Contract With A Local Authority

Job Purpose

To provide senior-level cybersecurity engineering expertise to support and optimise the Council's outsourced SOC (NCC Group), leveraging CrowdStrike and Splunk platforms. The role will ensure effective integration, configuration, and operational use of security tools to improve threat detection, incident response, and overall security maturity. The post-holder will also provide technical leadership, mentoring, and knowledge transfer to strengthen internal cyber capability during a period of team transition.

Key Responsibilities

- Lead deployment, configuration, and ongoing management of the CrowdStrike Falcon platform, including endpoint protection policies.
- Work with the SOC provider to design, optimise, and maintain Splunk dashboards, alerts, and security data models.
- Act as technical escalation point for high-severity security incidents, supporting rapid investigation, containment, and remediation using EDR and SIEM tools.
- Develop and implement SOAR workflows to automate detection, response, and security operations processes.
- Conduct proactive threat hunting using SIEM/EDR data and MITRE ATT&CK-aligned techniques.
- Support vulnerability assessment and security scanning activities using relevant tooling.
- Provide input into penetration testing activities and interpret findings for remediation.
- Deliver training, coaching, and knowledge transfer to upskill the existing cyber security team in CrowdStrike, Splunk, and threat analysis.
- Contribute to the development of security policies, standards, and technical documentation where required.

Requirements

- Minimum 5 years' experience in a Cyber Security Engineering or SOC Tier 3 role.
- Strong hands-on experience with endpoint security and SIEM platforms in enterprise environments.
- Experience supporting or working alongside managed SOC providers.
- At least 2 years' experience with vulnerability assessment tools (desirable).
- Exposure to penetration testing and web application security testing (desirable).
- Expert-level experience with CrowdStrike Falcon (Prevent, Insight, Discover).
- Strong Splunk expertise including SPL, dashboards, alerts, and Splunk Enterprise Security (ES).
- Strong understanding of network protocols, cloud security (AWS/Azure), and threat detection methodologies.
- Working knowledge of the MITRE ATT&CK framework.
- Experience building automation or SOAR playbooks for security operations.
- CrowdStrike certifications (CCFA / CCFR / CCSE – any combination preferred).
- Splunk Certified Cybersecurity Defense Engineer (mandatory preferred requirement).
- Security certifications such as Security+, CySA+, GSEC, CISSP, GCIH, GCIA, or CCSP (desirable).

Additional Information

Bi-Weekly Payments
Location: Hackney, London