Engineer - Splunk

Job in City Of London, Central London, Greater London, England, UK
Listing for: NCC Group
Full Time position
Listed on 2026-06-05
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly
Location: City Of London

Engineer - Splunk

Department: Cyber Services and Capabilities

Employment Type: Fixed Term Contract

Location: G  London

Description

We are seeking an experienced Splunk Engineer to help design, build, and manage our Splunk SOAR service, with a strong focus on automation, security response, and service maturity. This role will be responsible for developing, reviewing, testing, and deploying Splunk SOAR playbooks into production environments, ensuring they are secure, reliable, and aligned with security governance and operational needs.

The role requires a technically strong Splunk engineer with experience in SOAR development, Splunk architecture, and security engineering best practices. You will work closely with SOC teams, security engineers, and customers, owning your own workload and providing high‑quality delivery in a customer‑facing environment. Experience with AI‑enabled SOC capabilities, AI security tools, or AI‑assisted development is a strong advantage as we continue to evolve our automation and detection capabilities.

Key Responsibilities
  • Own the build, operation, and continuous improvement of the Splunk SOAR service.
  • Design, develop, review, and maintain Splunk SOAR playbooks to support security detection, investigation, and response.
  • Translate security use cases, incidents, and operational requirements into effective automated workflows.
  • Test SOAR playbooks thoroughly and manage controlled deployment into production environments.
  • Ensure playbooks and integrations follow security engineering best practices and governance requirements.
  • Work closely with SOC analysts, security engineering teams, and stakeholders to optimise automation outcomes.
  • Perform playbook tuning, troubleshooting, and enhancements to improve reliability and response times.
  • Maintain clear technical documentation for playbooks, integrations, and processes.
  • Support live security operations where SOAR automation is involved.
  • Manage your own queue of work, prioritising tasks and communicating progress effectively.
  • Engage directly with customers, providing technical guidance, support, and assurance.
Skills, Knowledge & Expertise
  • Proven experience as a Splunk Engineer, Splunk SOAR Engineer, or similar security automation role.
  • Strong hands‑on experience developing and managing Splunk SOAR playbooks.
  • Solid understanding of Splunk platform architecture, including:
    • Search heads, indexers, forwarders
    • Data ingestion and performance considerations
  • Strong experience using Splunk SPL (Search Processing Language).
  • Experience integrating Splunk SOAR with security tools such as SIEM, IAM, EDR, firewalls, and ticketing platforms.
  • Strong understanding of security engineering best practices, including incident response and automation safety.
  • Good understanding of security governance, policies, and control frameworks.
  • General understanding of software development practices, including:
    • Version control systems (e.g. Git)
    • Code review and release controls
  • Familiarity with CI/CD pipelines and deployment workflows.
  • Ability to work independently and take ownership of delivery and outcomes.
Desirable / Nice‑to‑Have Skills
  • Practical knowledge of Python, particularly for playbook actions, scripting, or custom integrations.
  • Experience working with AWS and/or Azure environments.
  • Understanding of cloud security principles and services.
  • Knowledge of security engineering controls, particularly identity and access management (IAM).
  • Experience working with APIs, webhooks, and automation integrations.
  • Familiarity with AI‑driven SOC capabilities, such as:
    • AI‑assisted alert triage or incident enrichment
    • Use of AI within detection and response workflows
  • Experience using AI security coding tools or AI‑assisted development tools.
  • Exposure to infrastructure automation or infrastructure‑as‑code concepts.
  • Experience supporting managed security services or customer‑facing security platforms.
Personal Attributes
  • Strong customer‑facing skills, able to communicate clearly and confidently with technical and non‑technical audiences.
  • Highly organised, with the ability to manage your own workload and priorities effectively.
  • Analytical and methodical approach to problem‑solving and automation design.
  • Proactive…