Job Title: Splunk Core Consultant & Enterprise Security Contractor
Location: Remote
Duration: 6 months (with potential extension)
IR35: Outside
Security Clearance: SC Cleared (UKSV) - UK sole nationality required
Role Overview:
We are seeking a Splunk Core Consultant & Enterprise Security Contractor to support a Defence sector SOC team in optimising their Splunk environment. This role will focus on performing a Splunk health check, implementing best practice recommendations, and fine-tuning security alerts to enhance overall SOC performance.
Key Responsibilities:
- Conduct a health check on the Splunk environment to ensure stability and scalability.
- Implement agreed optimisations and improvements based on the health check findings.
- Assist SOC analysts in tuning and suppressing alerts to reduce noise and improve efficiency.
- Support the refinement and mapping of approximately 200 detection use cases.
- Provide guidance on Splunk Enterprise Security to enhance SOC capabilities.
- Support live monitoring and migration activities to enable the decommissioning of a legacy SOC by May 2025.
Required Skills & Experience:
- Splunk Core Consultant Certification (with hands-on experience).
- Splunk Enterprise Security Admin Certification.
- Strong experience working in Security Operations Centres (SOCs), preferably in the Defence sector.
- Expertise in security alert tuning, log management, and threat detection using Splunk.
- Ability to work independently and support a remote team with occasional on-site collaboration.