Senior Splunk Consultant
Posted 1 day ago
Location: Sydney, New South Wales
Salary: $160,000 - $200,000 per annum
Specialty: Technology & Digital
Job Type: Permanent
Job ID: 43035
Job Details

About the Company

Join a global manufacturing organisation recognised for engineering excellence and large-scale digital transformation. With operations worldwide, the business continues to invest heavily in connected platforms, cloud technologies and a mature cybersecurity capability.

About the Role

We are seeking an experienced Splunk Consultant to play a key role in the design, delivery and ongoing optimisation of the organisation’s global security monitoring platform. This role sits within a global cyber defence function and focuses on building, operating and improving Splunk as the core SIEM capability supporting incident detection, investigation and response.

You will work closely with cyber analysts, engineers and architecture teams to ensure data is onboarded correctly, detections are effective, and dashboards and alerts deliver real operational value. This role suits someone who enjoys hands-on Splunk engineering in complex enterprise environments and takes pride in building scalable, reliable SIEM solutions.

Key Responsibilities

  • Own the design, build and ongoing optimisation of the Splunk SIEM platform across a global environment;

  • Architect and maintain Splunk infrastructure, including indexers, search heads, forwarders and data pipelines;

  • Lead data onboarding activities, ensuring logs are parsed, normalised and aligned to CIM standards;

  • Develop, tune and maintain correlation searches, alerts, dashboards and reports to support SOC operations;

  • Implement and optimise Splunk Enterprise Security, including risk-based alerting, threat intelligence and notable events;

  • Work closely with incident response and threat hunting teams to support investigations and improve detections;

  • Integrate Splunk with upstream and downstream security tools such as EDR, XDR, cloud platforms and SOAR;

  • Perform health checks, upgrades, capacity planning and performance tuning across the Splunk environment;

  • Automate operational tasks and detection workflows using Splunk and scripting where appropriate; and

  • Act as a Splunk subject matter expert, providing guidance to stakeholders during incidents and major initiatives.

Skills & Experience

  • Strong hands-on experience delivering and supporting Splunk Enterprise and Splunk Enterprise Security in enterprise environments;

  • Proven experience with SIEM architecture, data onboarding, CIM compliance and detection engineering;

  • Experience upgrading and maintaining Splunk platforms in line with vendor best practices;

  • Familiarity with SOC operations, incident response and threat hunting workflows;

  • Experience integrating Splunk with cloud platforms and security tooling;

  • Scripting experience in Python, PowerShell or Bash for automation;

  • Knowledge of MITRE ATT&CK and threat actor techniques as applied to SIEM use cases; and

  • Splunk certifications such as Splunk Admin, Architect or Enterprise Security preferred.

How to Apply

For more information or a confidential discussion, please contact Nabil Boumoughdab at u&u on nabil.boumoughdab@uandu.com, quoting reference number 43035.

At u&u Recruitment Partners, we value diversity, equity and inclusion. We welcome applications from Aboriginal and Torres Strait Islander people, people with diverse cultural and linguistic backgrounds and people with disability.

Should you require reasonable adjustments or have a preferred method of communication throughout the recruitment process, we encourage you to make a request via adjustments@uandu.com or phone the above-mentioned u&u consultant to discuss. In response to these requests, we will collaborate closely with you to implement the appropriate adjustments.

Additionally, for a barrier-free and inclusive online experience, you can access u&u’s opportunities using accessibility software Recite Me at https://www.uandu.com/jobs.

Please submit your resume in Word format only.