Job summary
We are seeking an experienced Splunk Engineer / Security Architect to lead strategic and tactical improvements to the SIEM and associated components across a large-scale hybrid security environment.
Key skills required for this role
Splunk SaaS SIEM Architecture Cyber Security Operations Centre (CSOC) AWS Infrastructure MITRE ATT&CK Framework SOAR Integration
Important
Splunk SaaS SIEM Architecture Cyber Security Operations Centre (CSOC) AWS Infrastructure MITRE ATT&CK Framework SOAR Integration
Job description
Splunk Engineer / Security Architect
Location: Hybrid - Remote with up to 2 days/week in
Contract Duration: 9 months (192 working days)
Active SC clearance required
Role Overview
We are seeking an experienced Splunk Engineer / Security Architect to lead strategic and tactical improvements to the SIEM and associated components across a large-scale hybrid security environment. You'll play a pivotal role in enhancing monitoring capabilities, driving SIEM convergence, and supporting the maturity of security operations.
This role is aligned to a national programme improving the government's ability to detect and respond to cyber threats across multiple portfolios. You'll work alongside the SIEM Product Owner and CSOC teams to define and deliver architectural and engineering enhancements using Splunk SaaS and related technologies.
Key Responsibilities
1. Produce and maintain architecture diagrams, high- and low-level design documentation
2. Lead configuration of Splunk and associated infrastructure (AWS EC2, S3, SQS, etc.)
3. Drive use case development aligned with CSOC and MITRE ATT&CK framework
4. Attend and represent the project at key technical forums (ADF, TDA, workshops)
5. Deliver improvements to SIEM architecture, use cases, automation, and data enrichment
6. Improve onboarding processes for directorates and manage onboarding QA
7. Lead integration of SOAR, Attack Analyzer, and other tooling into operational use
8. Standardise collection tier components using Infrastructure as Code (IaC) where possible
Essential Skills & Experience
9. Strong experience in Splunk SaaS as a lead engineer and/or architect
10. Deep understanding of SIEM Engineering & Architecture, particularly in CSOC environments
11. Demonstrated experience leading end-to-end SIEM improvement initiatives
12. Proven ability to define and implement change within complex cyber environments
13. Excellent documentation, communication, and stakeholder engagement skills
14. Solid AWS infrastructure knowledge (EC2, S3, SQS, etc.)
Desirable Skills & Experience
15. Experience with SIEM convergence from legacy platforms
16. Familiarity with tools such as JIRA, Confluence, Git
17. Background in Ethical Hacking, IDAM, PKI, or broader information security disciplines
18. A team-oriented, adaptable mindset with a problem-solving approach
Required Qualifications
19. Splunk Cloud Administrator
20. Splunk Enterprise Security
21. Splunk SOAR Administrator
22. Splunk Certified Cybersecurity Defence Analyst
23. Cloud Security Architecture (CSA)
24. Microsoft Azure Infrastructure Solutions
Desirable Certifications
25. Certified Information Systems Security Professional (CISSP)
26. Ethical Hacking & Intrusion Prevention
27. Information Security Management Systems (ISMS)
28. Identity Access & Management (IDAM)
29. Share
manages this role
Matchtech is a STEM Recruitment Specialist, with over 40 years’ experience