Splunk Security Architect

Posted Today by Triumph Consultants Ltd on JobServe

Negotiable
London, UK

Summary: This role as a Splunk Security Architect focuses on enhancing the performance and maturity of the Splunk SaaS platform within a Cyber Security Operations Centre. The position involves engineering and architectural improvements to simplify complexity, improve automation, and standardize components across environments. Key priorities include advancing data models and implementing a unified Risk-Based Alerting approach aligned with the MITRE ATT&CK framework.

Key Responsibilities:

  • Produce architecture diagrams and high-level and low-level design documents.
  • Configuration of Splunk with use cases in line with CSOC standards.
  • Configuration of Splunk as part of onboarding CNI and all other systems.
  • Configuration of all infrastructure including AWS - EC2, S3 buckets, SQS queues etc.
  • Attend technical workshops, represent the project at key meetings such as the ADF, TDAs etc.
  • Represent the project across all technical discussions relating to Splunk, Onboarding, SOAR, Attack Analyzer etc.

Key Skills:

  • SIEM Engineering and Architecture skills, specifically in Splunk SaaS.
  • Full end-to-end delivery life cycle experience for improvements to Splunk SaaS.
  • Experience of defining improvements within Cyber departments, particularly SIEM improvements within Cyber Security Operations Centre (CSOC) functions that result in an increase in SIEM Maturity Levels.
  • Good communication, reporting, documentation and presentational skills.
  • AWS Infrastructure skills for the configuration of EC2 Servers, S3 buckets etc.

Salary (Rate): undetermined

City: London

Country: UK

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT