Overview

Splunk/SOC Tooling Specialist - 6-month contract (Inside IR35) - Hybrid, Central London

Senior Splunk (and broader SOC tooling) SME to own platform health, ingestion and use-case development while managing tooling operations and supporting the SOC team.

Key responsibilities

• Operate and optimise Splunk deployments, ingestion pipelines and dashboards.
• Build, test and tune detection use cases and alert content; reduce false positives.
• Manage integration and operational support for other SOC tools (Darktrace, SOAR, EDR).
• Provide day-to-day support to SOC analysts and run regular knowledge-transfer/mentoring sessions.
• Own platform maintenance windows, capacity planning and incident support for tooling outages.
• Drive platform upgrades, data onboarding and documentation for runbooks and handovers.

Must have

• Strong Splunk experience (SPL, searches, dashboards, data onboarding and optimisation).
• Experience operating SOC tooling in a 24x7 environment and supporting analyst teams.

Nice to have

• Experience with Darktrace, SOAR tooling and cloud log sources; demonstrated ability to coach junior engineers.