Position: Splunk Enterprise Security Developer Employment Type: Contract, Full time Start: ASAP Location: London – hybrid Languages: English Role – We are seeking a highly motivated Splunk Enterprise Security Developer to design, implement, and optimize Splunk ES solutions that enhance security monitoring, threat detection, and incident response. You will work closely with cybersecurity teams, SOC analysts, and IT stakeholders to develop use cases, dashboards, alerts, and reports that improve visibility and strengthen our security posture. Key skills: 5 years of hands-on experience with Splunk Enterprise Security (ES) in a development/engineering role. Strong expertise in SPL (Search Processing Language) for building searches, alerts, and reports. Experience creating and optimizing custom dashboards, visualizations, and correlation rules. Proficiency in integrating multiple security data sources (firewalls, IDS/IPS, endpoints, cloud logs). Solid understanding of SIEM principles, threat detection, and incident response. Familiarity with security frameworks (MITRE ATT&CK, NIST, CIS). Knowledge of log management, parsing, and onboarding new data sources. Strong scripting skills (Python, Bash, or PowerShell) for automation. Splunk certifications (e.g., Splunk Core Certified Power User, Splunk Enterprise Security Certified Admin ) highly desirable. Consulting background is a plus. Strong communication skills (oral & written) Rights to work in the UK is must (No Sponsorship available) Responsibilities: Design, develop, and maintain Splunk Enterprise Security (ES) use cases, correlation searches, and dashboards. Customize Splunk queries, reports, and visualizations to support security monitoring and incident response. Integrate Splunk with security tools, data sources, and enterprise systems to enrich security event data. Collaborate with SOC analysts to identify threats and enhance detection capabilities. Optimize Splunk ingestion pipelines, index configurations, and storage strategies for performance and scalability. Develop automated workflows and playbooks to support security operations. Provide guidance and support to junior team members on Splunk best practices. Maintain comprehensive documentation for dashboards, searches, and configurations. Should you be interested in being considered for this position and would like to discuss further. Please apply with your latest CV or share your CV directly with me at christophe.ramen@focusonsap.org