Engineer - Splunk

We are seeking an experienced Splunk Engineer to help design, build, and manage our Splunk SOAR service, with a strong focus on automation, security response, and service maturity. This role will be responsible for developing, reviewing, testing, and deploying Splunk SOAR playbooks into production environments, ensuring they are secure, reliable, and aligned with security governance and operational needs. The role requires a technically strong Splunk engineer with experience in SOAR development, Splunk architecture, and security engineering best practices. You will work closely with SOC teams, security engineers, and customers, owning your own workload and providing high-quality delivery in a customer-facing environment. Experience with AI-enabled SOC capabilities, AI security tools, or AI-assisted development is a strong advantage as we continue to evolve our automation and detection capabilities., * Own the build, operation, and continuous improvement of the Splunk SOAR service.

• Design, develop, review, and maintain Splunk SOAR playbooks to support security detection, investigation, and response.
• Translate security use cases, incidents, and operational requirements into effective automated workflows.
• Test SOAR playbooks thoroughly and manage controlled deployment into production environments.
• Ensure playbooks and integrations follow security engineering best practices and governance requirements.
• Work closely with SOC analysts, security engineering teams, and stakeholders to optimise automation outcomes.
• Perform playbook tuning, troubleshooting, and enhancements to improve reliability and response times.
• Maintain clear technical documentation for playbooks, integrations, and processes.
• Support live security operations where SOAR automation is involved.
• Manage your own queue of work, prioritising tasks and communicating progress effectively.
• Engage directly with customers, providing technical guidance, support, and assurance.

• Proven experience as a Splunk Engineer, Splunk SOAR Engineer, or similar security automation role.
• Strong hands-on experience developing and managing Splunk SOAR playbooks.
• Solid understanding of Splunk platform architecture, including:
• Search heads, indexers, forwarders
• Data ingestion and performance considerations
• Strong experience using Splunk SPL (Search Processing Language).
• Experience integrating Splunk SOAR with security tools such as SIEM, IAM, EDR, firewalls, and ticketing platforms.
• Strong understanding of security engineering best practices, including incident response and automation safety.
• Good understanding of security governance, policies, and control frameworks.
• General understanding of software development practices, including:
• Version control systems (e.g. Git)
• Code review and release controls
• Familiarity with CI/CD pipelines and deployment workflows.
• Ability to work independently and take ownership of delivery and outcomes.

Desirable / Nice - to - Have Skills

• Practical knowledge of Python, particularly for playbook actions, scripting, or custom integrations.
• Experience working with AWS and/or Azure environments.
• Understanding of cloud security principles and services.
• Knowledge of security engineering controls, particularly identity and access management (IAM).
• Experience working with APIs, webhooks, and automation integrations.
• Familiarity with AI-driven SOC capabilities, such as:
• AI-assisted alert triage or incident enrichment
• Use of AI within detection and response workflows
• Experience using AI security coding tools or AI-assisted development tools.
• Exposure to infrastructure automation or infrastructure-as-code concepts.
• Experience supporting managed security services or customer-facing security platforms., * Strong customer-facing skills, able to communicate clearly and confidently with technical and non-technical audiences.
• Highly organised, with the ability to manage your own workload and priorities effectively.
• Analytical and methodical approach to problem-solving and automation design.
• Proactive mindset with a focus on continuous improvement.
• Comfortable operating in fast-paced, security-critical environments.
• Collaborative team player with a strong sense of ownership and accountability., Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.

• Generous Holiday Allowance : Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
• Medicash & Critical Illness Scheme
• Financial & Investment Benefits : Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
• Community & Volunteering Programmes : Make a difference in your community with our volunteering opportunities.
• Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
• Cycle Schem e: Stay fit and healthy with our cycle-to-work scheme.
• Special Time Off : Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
• Family Planning : Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.

About NCC Group We assess, develop and manage cyber threats across our increasingly connected society. We advise global technology, manufacturers, financial institutions, critical national infrastructure providers, retailers and governments on the best way to keep businesses, software and personal data safe. With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face. We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security. Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide. We review every application received and will get in touch if your skills and experience match what we're looking for. If you don't hear back from us within 10 days, please don't be too disappointed - we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.