Engineer - Splunk

Posted 2 Days Ago
Cheltenham, Gloucestershire, England, GBR
Hybrid
Mid level
Information Technology • Professional Services • Software • Cybersecurity
The Role
The Splunk Engineer will design and manage Splunk SOAR services, develop playbooks, ensure security alignment, and collaborate with stakeholders on automation efforts.
Summary Generated by Built In
We are seeking an experienced Splunk Engineer to help design, build, and manage our Splunk SOAR service, with a strong focus on automation, security response, and service maturity. This role will be responsible for developing, reviewing, testing, and deploying Splunk SOAR playbooks into production environments, ensuring they are secure, reliable, and aligned with security governance and operational needs. 
The role requires a technically strong Splunk engineer with experience in SOAR development, Splunk architecture, and security engineering best practices. You will work closely with SOC teams, security engineers, and customers, owning your own workload and providing high‑quality delivery in a customer‑facing environment. Experience with AI‑enabled SOC capabilities, AI security tools, or AI‑assisted development is a strong advantage as we continue to evolve our automation and detection capabilities. 

Key Responsibilities
  • Own the build, operation, and continuous improvement of the Splunk SOAR service. 
  • Design, develop, review, and maintain Splunk SOAR playbooks to support security detection, investigation, and response. 
  • Translate security use cases, incidents, and operational requirements into effective automated workflows. 
  • Test SOAR playbooks thoroughly and manage controlled deployment into production environments. 
  • Ensure playbooks and integrations follow security engineering best practices and governance requirements. 
  • Work closely with SOC analysts, security engineering teams, and stakeholders to optimise automation outcomes. 
  • Perform playbook tuning, troubleshooting, and enhancements to improve reliability and response times. 
  • Maintain clear technical documentation for playbooks, integrations, and processes. 
  • Support live security operations where SOAR automation is involved. 
  • Manage your own queue of work, prioritising tasks and communicating progress effectively. 
  • Engage directly with customers, providing technical guidance, support, and assurance. 

Skills, Knowledge & Expertise
  • Proven experience as a Splunk Engineer, Splunk SOAR Engineer, or similar security automation role. 
  • Strong hands‑on experience developing and managing Splunk SOAR playbooks. 
  • Solid understanding of Splunk platform architecture, including:
      • Search heads, indexers, forwarders
      • Data ingestion and performance considerations
  • Strong experience using Splunk SPL (Search Processing Language). 
  • Experience integrating Splunk SOAR with security tools such as SIEM, IAM, EDR, firewalls, and ticketing platforms. 
  • Strong understanding of security engineering best practices, including incident response and automation safety. 
  • Good understanding of security governance, policies, and control frameworks. 
  • General understanding of software development practices, including:
      • Version control systems (e.g. Git)
      • Code review and release controls
  • Familiarity with CI/CD pipelines and deployment workflows. 
  • Ability to work independently and take ownership of delivery and outcomes. 
Desirable / Nice-to-Have Skills
  • Practical knowledge of Python, particularly for playbook actions, scripting, or custom integrations. 
  • Experience working with AWS and/or Azure environments. 
  • Understanding of cloud security principles and services. 
  • Knowledge of security engineering controls, particularly identity and access management (IAM). 
  • Experience working with APIs, webhooks, and automation integrations. 
  • Familiarity with AI‑driven SOC capabilities, such as:
      • AI‑assisted alert triage or incident enrichment
      • Use of AI within detection and response workflows
  • Experience using AI security coding tools or AI‑assisted development tools. 
  • Exposure to infrastructure automation or infrastructure‑as‑code concepts. 
  • Experience supporting managed security services or customer‑facing security platforms. 
Personal Attributes 
  • Strong customer‑facing skills, able to communicate clearly and confidently with technical and non‑technical audiences. 
  • Highly organised, with the ability to manage your own workload and priorities effectively. 
  • Analytical and methodical approach to problem‑solving and automation design. 
  • Proactive mindset with a focus on continuous improvement. 
  • Comfortable operating in fast‑paced, security‑critical environments. 
  • Collaborative team player with a strong sense of ownership and accountability. 

Job Benefits
  • Flexible Working: Balance your work and personal life with our flexible working options.
  • Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
  • Medicash & Critical Illness Scheme
  • Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
  • Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
  • Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
  • Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
  • Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
  • Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.


About
We assess, develop and manage cyber threats across our increasingly connected society. We advise global technology, manufacturers, financial institutions, critical national infrastructure providers, retailers and governments on the best way to keep businesses, software and personal data safe. With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face. We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security. Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.

Skills Required

  • Proven experience as a Splunk Engineer or similar security automation role
  • Strong hands-on experience developing and managing Splunk SOAR playbooks
  • Strong understanding of Splunk platform architecture
  • Experience integrating Splunk SOAR with security tools
  • Good understanding of security governance and policies

The Company
2,140 Employees
Year Founded: 1999

What We Do

NCC Group is a global cyber security and resilience company that helps organizations manage risk, strengthen resilience, and build trust. They provide services in cyber security consulting, managed services, technical assurance, and software escrow.
