Job Description

Role Title: Splunk SME
Duration: contract to run until 31/03/2025
Location: Remote with occasional Travel to at client site in Warwick. Potentially also Farnborough/Corsham.
Rate: up to 581.53 p/d Umbrella inside IR35
Clearance required: Active Security Clearance

Role purpose / summary

Our client is looking for a Splunk SME to manage and optimize log management and SIEM environment. Will configure and maintain Splunk Heavy Forwarders, Windows Event Collectors, and Syslog Aggregators to ensure efficient log collection, analysis, and correlation.

The focus will be on normalizing data, configuring event sources for various devices (Cisco, Palo Alto, F5, Fortinet, HPE, VMs), and developing event correlation rules, alerts, and dashboards to support our CSOC. This role requires a strong understanding of Linux, Windows, and networking logging concepts.

Key Skills/ requirements

Essential Skills:

• Proven experience with Splunk Heavy Forwarders on Linux platforms.
• Strong understanding of Windows Event Collector Services (WEC).
• Hands-on experience with Syslog Aggregators.
• Expertise in log management and forwarding best practices.

Desirable Skills:

• Experience implementing Splunk environments to CIS Level 1 and Level 2 standards.
• Familiarity with Red Hat Enterprise Linux Server.
• Knowledge of forwarding events to Splunk Enterprise and ServiceNow platforms.
• Experience integrating Splunk with SolarWinds.
• Understanding of Reliable Event Logging Protocol (RELP).

All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply!