Senior Cyber Security Splunk SME

Senior Cyber Security Splunk SME

Full Time

Permanent

Fully onsite - Moorgate, London EC2Y

£80-92K basic + benefits (5% pension, 25 days hols, life insurance, medical cover)

Are you an experienced Splunk SME looking for a new challenge?

Do you have a strong background in Splunk, IAM and SOAR with a high level understanding of wider Splunk ecosystem, along with Incident Management, Python and Powershell skills?

Here at ARM we are recruiting for a full time permanent Splunk SME for a global IT services and consultancy client of ours.

Our client:

They ' re a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects.

They ' re a rapidly growing, people-first technology organisation and part of a $1B global service provider delivering end-to-end IT Outsourcing (ITO) and Cyber Defence services to clients across the UK and beyond.

Within their Security Practice, they provide a range of services including Managed Detection and Response (MDR), Vulnerability Management, Penetration Testing, Incident Response, and consultancy led Security Advisory services. You'll be joining a team that values learning, celebrates innovation, and supports your career journey every step of the way.

The Opportunity:

We are looking for a skilled Splunk Specialist to deliver end-to-end Splunk engagements, helping clients build and enhance their security monitoring capabilities. You will lead the full project life cycle, from requirements gathering and stakeholder engagement through to data onboarding, alert development, and dashboard creation, ensuring solutions are aligned to both business and security objectives.

You will bring strong hands-on experience with Splunk Enterprise Security and a proven track record in delivering cybersecurity projects. This includes designing and implementing detection use cases, tuning alerts, and developing dashboards that provide clear, actionable insights for security operations teams.

Experience with SOAR and UEBA technologies is advantageous but not essential. This role suits someone who enjoys working in a client-facing environment, solving complex challenges, and contributing to the ongoing evolution of modern Security Operations Centres.

What You'll Be Doing:

Design, build, and continuously enhance detection capabilities within Splunk across Linux and Windows environments, including log onboarding, normalisation, and enrichment

Develop and maintain high-quality detection content such as correlation searches and risk-based alerting within Splunk Enterprise Security

Write and optimise complex queries to support threat detection, proactive threat hunting, and anomaly identification

Map detection logic to adversary behaviours using the MITRE ATT&CK Framework, ensuring effective coverage of tactics, techniques, and procedures

Work with the wider Splunk ecosystem, including tools like TrackMe, and contribute to automation and orchestration initiatives (including exposure to SOAR where applicable)

Leverage Scripting languages such as Python and PowerShell to automate detection logic, enrich data, and integrate with security workflows

Provide mentorship and technical guidance to junior engineers, particularly on Splunk Back End activities such as data ingestion, parsing, indexing, and troubleshooting

Collaborate closely with SOC analysts, incident responders, and global engineering teams to improve detection and response capabilities

Apply strong analytical and problem-solving skills to translate threat intelligence into actionable detection use cases and continuously improve security operations

What We ' re Looking For:

Essential:

Experience working on multiple projects with broad scope, ambiguity, and a high degree of difficulty

Demonstrable proficiency across a wide range of IT and cybersecurity technologies

Strong knowledge of key cybersecurity domains, including Identity and Access Management and Incident Management

High-level analytical ability to solve unusual and complex problems

Ability to maintain up-to-date working knowledge of cybersecurity principles and best practices

Experience in senior stakeholder management and providing clear, relevant management reporting, professional communication - written and verbal.

Eligibility to work in the UK.

Desirable:

Experience in technology projects such as cyber infrastructure implementation or replacement initiatives

Understanding of global program structures, launch plans, timing, and ownership

Ability to coach and mentor team members through knowledge transfer and constructive feedback

Some of the benefits include:

Healthcare and dental insurance

Company pension is matched up to 5%

25 days annual leave entitlement plus bank holidays and the option to purchase 5 extra days

Life assurance - 4 x annual salary

Cycle to work scheme

Client prioritises internal development opportunities and offer access to our Udemy training platform with over 5000 training courses

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.