Job Title: Splunk Core Consultant & Enterprise Security Contractor

Location: Remote
Duration: 6 months (with potential extension)
IR35: Outside
Security Clearance: SC Cleared (UKSV) - UK sole nationality required

Role Overview:

We are seeking a Splunk Core Consultant & Enterprise Security Contractor to support a Defence sector SOC team in optimising their Splunk environment. This role will focus on performing a Splunk health check, implementing best practice recommendations, and fine-tuning security alerts to enhance overall SOC performance.

Key Responsibilities:

Conduct a health check on the Splunk environment to ensure stability and scalability.
Implement agreed optimisation's and improvements based on findings.
Assist SOC analysts in tuning and suppressing alerts to reduce noise and improve efficiency.
Support in refining and mapping approximately 200 use cases.
Provide guidance on Splunk Enterprise Security to enhance SOC capabilities.
Support live monitoring and migration activities to enable the decommissioning of a legacy SOC by May 2025.

Required Skills & Experience:

Splunk Core Consultant Certification (with hands-on experience).
Splunk Enterprise Security Admin Certification.
Strong experience working in Security Operations Centres (SOCs), preferably in the Defence sector.
Expertise in security alert tuning, log management, and threat detection using Splunk.
Ability to work independently and support a remote team with occasional on-site collaboration