SOC Engineer - CRIBL - SPLUNK - London, Hybrid - £520 p/d Outside IR35 - SC Cleared
One of our public sector clients is looking for an experienced SOC Engineer to join them for a 6 month initial contract. They are offering £520 per day OUTSIDE IR35.
Our client is based in London and they are offering hybrid working, with 2 days per week onsite.
This role is working in a Security Cleared environment. You will need to be SC or DV (Developed Vetting) cleared, or eligible to undertake SC or DV Security Clearance.
As the SOC Engineer you will design, build and optimise the security data pipeline underpinning a UK public sector Security Operations Centre. This is a hands-on engineering role centred on Cribl Stream and Splunk Enterprise Security: you will own end-to-end log onboarding, shape and route telemetry through Cribl, and ensure high-quality, normalised data lands in Splunk to drive reliable detection. Working alongside SOC analysts and wider engineering teams, you will improve detection coverage, control ingest cost, and support secure-by-design delivery within a complex, regulated government environment.
Skills and Experience Required:
- Strong commercial experience as a SOC/Security Engineer building and operating SIEM data pipelines
- Hands-on Cribl Stream experience - designing and managing routes, pipelines, packs and worker groups for log routing, enrichment and reduction
- Deep Splunk experience, including Enterprise Security (ES) administration in distributed environments
- Strong SPL, data models, dashboards and search optimisation skills
- Expertise in data onboarding, parsing, index-time processing, normalisation and CIM mapping (props/transforms)
- Experience reducing Splunk ingest volume and licence cost through telemetry pipeline optimisation
- Log onboarding from cloud (AWS, Azure, M365) and on-premises systems
- Scripting in Python or PowerShell for data manipulation and API interaction
- Working knowledge of Linux (RHEL) and Windows administration
- Cribl certification, or experience with Cribl Edge and Cribl Search - desirable
- Splunk certifications (e.g. Splunk Enterprise Security Certified Admin) - desirable
- Experience with GitOps and CI/CD tooling for detection and onboarding as code - desirable
- Exposure to detection engineering and MITRE ATT&CK-aligned content development - desirable
- Experience operating within NCSC CAF/GovAssure or similarly regulated public sector environments - desirable
If you think you'd be a good fit for this role, please apply here. We look forward to hearing from you!
SmartSourcing are a Disability Confident Employer. We promote, celebrate and value diversity, and we are committed to promoting equality and inclusion for all.