Interim Cyber Security Officer

Summary

This is a 6-month contract opportunity with a local authority, focused on providing senior-level cybersecurity engineering expertise. The role is pivotal in supporting and optimizing the Council’s outsourced Security Operations Center (SOC) through the use of Crowd Strike and Splunk platforms. The successful candidate will ensure the effective integration, configuration, and operational use of security tools to enhance threat detection, incident response, and overall security maturity.

Additionally, the role involves providing technical leadership, mentoring, and knowledge transfer to bolster internal cyber capabilities during a period of team transition.

• Lead the deployment, configuration, and ongoing management of the Crowd Strike Falcon platform, including endpoint protection policies.
• Collaborate with the SOC provider to design, optimize, and maintain Splunk dashboards, alerts, and security data models.
• Serve as a technical escalation point for high-severity security incidents, facilitating rapid investigation, containment, and remediation using EDR and SIEM tools.
• Develop and implement SOAR workflows to automate detection, response, and security operations processes.
• Conduct proactive threat hunting using SIEM/EDR data and MITRE ATT&CK-aligned techniques.
• Support vulnerability assessment and security scanning activities using relevant tools.
• Provide input into penetration testing activities and interpret findings for remediation.
• Deliver training, coaching, and knowledge transfer to enhance the existing cybersecurity team's skills in Crowd Strike, Splunk, and threat analysis.
• Contribute to the development of security policies, standards, and technical documentation as needed.

• Minimum of 5+ years’ experience in Cyber Security Engineering or SOC Tier 3 role.
• Strong hands‑on experience with endpoint security and SIEM platforms in enterprise environments.
• Experience supporting or working alongside managed SOC providers.
• At least 2 years’ experience in vulnerability assessment tools (desirable).
• Exposure to penetration testing and web application security testing (desirable).
• Expert-level experience with Crowd Strike Falcon (Prevent, Insight, Discover).
• Strong expertise in Splunk, including SPL, dashboards, alerts, and Splunk Enterprise Security (ES).
• Solid understanding of network protocols, cloud security (AWS/Azure), and threat detection methodologies.
• Working knowledge of the MITRE ATT&CK framework.
• Experience building automation or SOAR playbooks for security operations.
• Crowd Strike certifications (CCFA / CCFR / CCSE – any combination preferred).
• Splunk Certified Cybersecurity Defense Engineer (mandatory preferred requirement).
• Security certifications such as Security+, CySA+, GSEC, CISSP, GCIH, GCIA, or CCSP (desirable).