Splunk Security developer

Posted 7 days 17 hours ago by Stott and May

Permanent
Full Time
Other
London, United Kingdom
Job Description

Splunk Security developer - Start: ASAP; Duration: 6-12 months; Location: London (hybrid ad hoc); Pay: 450-475 / day (inside IR35).

A confidential client is seeking an experienced Splunk Consultant with strong expertise in Enterprise Security (ES) and SOAR to support and enhance their SIEM capabilities. This role is critical in delivering threat detection, investigation, and response capabilities, leveraging Splunk's advanced security and automation features.

Responsibilities
  • Implement and support Splunk Enterprise 7/8 in a multi-site clustered environment
  • Lead onboarding of security data sources and parsing from diverse platforms (e.g. firewalls, endpoints)
  • Design and develop correlation searches and security use cases aligned to CIM and DMA
  • Build and manage response playbooks using Splunk SOAR
  • Implement and support Splunk ITSI dashboards and services
  • Monitor, tune, and maintain high-availability Splunk infrastructure
  • Automate repetitive tasks to improve operational efficiency
  • Work with Splunk apps and ensure seamless integration with infrastructure
  • Own delivery of Splunk onboarding projects, from small to enterprise scale
  • Support SOC operations with unified workflows, case management, and response plans

Essential Skills & Experience
  • Advanced knowledge of Splunk Enterprise (7/8), SOAR, and ITSI
  • Strong understanding of CIM, DMA, and security use case development
  • Proven experience with clustered Splunk deployments and multi-site architectures
  • Skilled in onboarding and parsing security data sources
  • Solid command line and GUI experience in Splunk administration
  • Experience with Red Hat Linux and Windows environments
  • Familiarity with Splunk security models, audit policies, and app integrations
  • Capable of supporting Splunk as a shared enterprise service