Engineer Splunk
Job Location: Manchester - UK
Monthly Salary: Not Disclosed
Posted on: 9 days ago
Vacancies: 1 Vacancy
Job Summary
We are seeking an experienced Splunk Engineer to help design, build and manage our Splunk SOAR service, with a strong focus on automation, security response and service maturity. This role will be responsible for developing, reviewing, testing and deploying Splunk SOAR playbooks into production environments, ensuring they are secure, reliable and aligned with security governance and operational needs.
The role requires a technically strong Splunk engineer with experience in SOAR development, Splunk architecture and security engineering best practices. You will work closely with SOC teams, security engineers and customers, owning your own workload and providing high-quality delivery in a customer-facing environment. Experience with AI-enabled SOC capabilities, AI security tools or AI-assisted development is a strong advantage as we continue to evolve our automation and detection capabilities.
Key Responsibilities
- Own the build, operation and continuous improvement of the Splunk SOAR service.
- Design, develop, review and maintain Splunk SOAR playbooks to support security detection, investigation and response.
- Translate security use cases, incidents and operational requirements into effective automated workflows.
- Test SOAR playbooks thoroughly and manage controlled deployment into production environments.
- Ensure playbooks and integrations follow security engineering best practices and governance requirements.
- Work closely with SOC analysts, security engineering teams and stakeholders to optimise automation outcomes.
- Perform playbook tuning, troubleshooting and enhancements to improve reliability and response times.
- Maintain clear technical documentation for playbooks, integrations and processes.
- Support live security operations where SOAR automation is involved.
- Manage your own queue of work, prioritising tasks and communicating progress effectively.
- Engage directly with customers, providing technical guidance, support and assurance.
Skills Knowledge & Expertise
- Proven experience as a Splunk Engineer, Splunk SOAR Engineer or similar security automation role.
- Strong hands-on experience developing and managing Splunk SOAR playbooks.
- Solid understanding of Splunk platform architecture, including:
  - Search heads, indexers, forwarders
  - Data ingestion and performance considerations
- Strong experience using Splunk SPL (Search Processing Language).
- Experience integrating Splunk SOAR with security tools such as SIEM, IAM, EDR, firewalls and ticketing platforms.
- Strong understanding of security engineering best practices, including incident response and automation safety.
- Good understanding of security governance policies and control frameworks.
- General understanding of software development practices, including:
  - Version control systems (e.g. Git)
  - Code review and release controls
- Familiarity with CI/CD pipelines and deployment workflows.
- Ability to work independently and take ownership of delivery and outcomes.
Desirable / Nice-to-Have Skills
- Practical knowledge of Python, particularly for playbook actions, scripting or custom integrations.
- Experience working with AWS and/or Azure environments.
- Understanding of cloud security principles and services.
- Knowledge of security engineering controls, particularly identity and access management (IAM).
- Experience working with APIs, webhooks and automation integrations.
- Familiarity with AI-driven SOC capabilities such as:
  - AI-assisted alert triage or incident enrichment
  - Use of AI within detection and response workflows
- Experience using AI security coding tools or AI-assisted development tools.
- Exposure to infrastructure automation or infrastructure-as-code concepts.
- Experience supporting managed security services or customer-facing security platforms.
Personal Attributes
- Strong customer-facing skills, able to communicate clearly and confidently with technical and non-technical audiences.
- Highly organised, with the ability to manage your own workload and priorities effectively.
- Analytical and methodical approach to problem-solving and automation design.
- Proactive mindset with a focus on continuous improvement.
- Comfortable operating in fast-paced, security-critical environments.
- Collaborative team player with a strong sense of ownership and accountability.
Job Benefits
- Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday plus bank holidays, with the option to buy up to 5 additional days of annual leave.
- Medicash & Critical Illness Scheme
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
Required Experience: IC