
Senior Security Consultant - SIEM Tools

PRUDENT GLOBALTECH SOLUTIONS PRIVATE LIMITED
Multiple Locations
4 - 10 Years

Posted on: 12/12/2025

Job Description

Description :

Role Overview

We are looking for an exceptional, end-to-end Security Consultant with strong expertise in :

- Splunk SIEM (Enterprise Security)

- Splunk SOAR

- Splunk UEBA / Risk-Based Alerting (RBA)

- Threat Detection & Anomaly Detection

- Vulnerability Management & Threat Intelligence

- Identity Security & Access Analytics

- Blue Teaming + Red Teaming methodologies

This consultant will serve as our go-to security expert, responsible for designing, building, and optimizing security detection frameworks, incident workflows, threat models, and advanced analytics.

You will work closely with customers, internal engineering teams, and leadership to deliver outcome-based cybersecurity solutions.

Key Responsibilities :

1. Splunk Security Stack Architecture, Delivery & Optimisation

- Architect, deploy, and optimize Splunk Enterprise Security (ES), SOAR, and UEBA solutions.

- Build correlation searches, risk rules, risk notables, and dashboards aligned to MITRE ATT&CK.

- Implement Risk-Based Alerting (RBA) with identity/data enrichment.

- Configure playbooks, automations, workflows, and integrations for SOAR.

- Develop security use cases based on customer environment, threat landscape, and compliance needs.
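As an added illustration of the risk-rule / risk-notable pattern named above, here is the core of Risk-Based Alerting written in plain Python rather than SPL. This is example code, not part of the posting and not Splunk ES code: the rule names, ATT&CK mappings, base scores, thresholds, the identity lookup and every event are constructed for the example. The flow it mirrors is the one ES uses: each risk rule writes a risk modifier to a risk index (score weighted by the identity's priority), and a separate search aggregates modifiers per entity over a window and raises a risk notable when either the summed score or the number of distinct techniques crosses a threshold.

```python
"""Minimal Risk-Based Alerting (RBA) pipeline, constructed as an added example.

Mirrors the Splunk ES pattern: risk rules -> risk modifiers -> risk notables.
Rule names, scores, thresholds, identities and events are illustrative only.
"""
from collections import defaultdict

# Constructed identity lookup; in ES this is the identity/asset lookup that
# enrichment uses to weight risk by how sensitive the principal is.
IDENTITIES = {
    "alice": {"priority": "medium", "category": "user"},
    "bob": {"priority": "low", "category": "user"},
    "svc_backup": {"priority": "high", "category": "service"},
}
PRIORITY_MULTIPLIER = {"low": 0.5, "medium": 1.0, "high": 2.0, "critical": 4.0}

# Risk rules: (name, predicate, base score, ATT&CK technique). Each behaves like
# a correlation search whose adaptive response is "risk modifier", not "notable".
RISK_RULES = [
    ("Multiple failed logons",
     lambda e: e.get("action") == "failure" and e.get("count", 0) >= 5, 20, "T1110"),
    ("Logon from new country",
     lambda e: e.get("action") == "success" and bool(e.get("new_geo")), 30, "T1078"),
    ("Encoded PowerShell",
     lambda e: e.get("process") == "powershell.exe" and "-enc" in e.get("cmdline", ""), 40, "T1059.001"),
    ("Admin group change",
     lambda e: e.get("event_id") == 4728, 35, "T1098"),
]


def apply_risk_rules(events, identities=IDENTITIES):
    """Emit one risk modifier per (event, matching rule), weighted by identity priority."""
    modifiers = []
    for event in events:
        priority = identities.get(event["user"], {}).get("priority", "medium")
        for name, predicate, base_score, technique in RISK_RULES:
            if predicate(event):
                modifiers.append({
                    "risk_object": event["user"],
                    "risk_object_type": "user",
                    "risk_score": base_score * PRIORITY_MULTIPLIER[priority],
                    "risk_rule": name,
                    "technique": technique,
                    "_time": event["_time"],  # hours, relative; constructed
                })
    return modifiers


def risk_notables(modifiers, score_threshold=100, technique_threshold=3, window_hours=24):
    """Aggregate modifiers per entity inside the window; notable on score OR technique count."""
    by_entity = defaultdict(list)
    for m in modifiers:
        by_entity[(m["risk_object_type"], m["risk_object"])].append(m)

    notables = []
    for (obj_type, obj), mods in sorted(by_entity.items()):
        latest = max(m["_time"] for m in mods)
        recent = [m for m in mods if m["_time"] >= latest - window_hours]  # drop stale modifiers
        total = sum(m["risk_score"] for m in recent)
        techniques = sorted({m["technique"] for m in recent})
        reasons = []
        if total >= score_threshold:
            reasons.append(f"risk score {total:g} >= {score_threshold}")
        if len(techniques) >= technique_threshold:
            reasons.append(f"{len(techniques)} distinct ATT&CK techniques")
        if reasons:
            notables.append({
                "risk_object": obj, "risk_object_type": obj_type, "risk_score": total,
                "techniques": techniques, "rules": sorted({m["risk_rule"] for m in recent}),
                "reason": "; ".join(reasons),
            })
    return notables


def run_rba(events, **thresholds):
    return risk_notables(apply_risk_rules(events), **thresholds)


# Constructed sample telemetry (already CIM-like: user, action, process, cmdline, event_id).
SAMPLE_EVENTS = [
    {"_time": -30, "user": "svc_backup", "action": "failure", "count": 7},            # stale
    {"_time": 1, "user": "alice", "action": "failure", "count": 5},
    {"_time": 2, "user": "alice", "action": "success", "count": 1, "new_geo": True},
    {"_time": 3, "user": "alice", "action": "process", "process": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc AAAA"},
    {"_time": 4, "user": "bob", "action": "success", "count": 1},                     # benign
    {"_time": 5, "user": "bob", "action": "process", "process": "powershell.exe",
     "cmdline": "powershell.exe -enc AAAA"},
    {"_time": 10, "user": "svc_backup", "action": "failure", "count": 6},
    {"_time": 12, "user": "svc_backup", "action": "success", "count": 1, "event_id": 4728},
]

if __name__ == "__main__":
    for n in run_rba(SAMPLE_EVENTS):
        print(n["risk_object"], n["risk_score"], n["reason"], n["rules"])
```

Two things worth noticing in the output: alice never crosses the 100-point line (she totals 90) but is surfaced because three distinct techniques fired, which is how RBA catches low-and-slow chains that no single rule would alert on; and svc_backup reaches 110 only because its high priority doubles every modifier, so the same two events on a low-priority account would stay quiet. Widening the window to 48 hours pulls the stale failed-logon modifier back in and lifts svc_backup to 150, which is the tuning lever notable volume is most sensitive to.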

2. Threat Detection & Incident Response :

- Build advanced detection for malware, lateral movement, insider threats, identity abuse, cloud misconfigurations, APT behaviours, phishing, and anomalous activity.

- Perform triage automation, incident enrichment, and response orchestration using Splunk SOAR.

- Improve detection rules, mapping to frameworks such as MITRE, NIST, CIS, and Zero Trust.

3. Blue Teaming & Red Teaming Skills

- Strong understanding of attack chains, adversary emulation, exploitation techniques, and lateral movement.

- Assist in threat hunting, purple team exercises, and post-incident investigations.

- Work with red teams to create detections for new TTPs across the kill chain.

4. Security Architecture & Governance :

- Provide end-to-end security advisory across SIEM/SOAR/UEBA, identity, vulnerability, cloud security, and network security.

- Work with clients to implement security governance models, KPIs, SLAs, and continuous improvement plans.

- Conduct data onboarding, CIM alignment, data model acceleration, and log source hygiene reviews.

5. Vulnerability, Threat Intelligence & Identity Analytics :

- Build content for vulnerability prioritisation, exploit insights, and exposure management.

- Integrate threat intel feeds, STIX/TAXII, and other sources for detection enrichment.

- Develop identity-based detections using Okta/Azure AD/IDP logs and behaviour patterns.

6. Customer Leadership & Advisory :

- Act as the trusted advisor for all Splunk security topics.

- Lead workshops, assessments, and roadmap sessions with CXO/security leadership.

- Provide training, knowledge transfer, and capability uplift to customers and internal teams.

Mandatory Skills & Experience :

Splunk Expertise (Must-Have) :

- 4-10 years working with Splunk Enterprise Security, SOAR, and UEBA

- Strong in SPL, correlation searches, data models, risk rules, and notable tuning

- Hands-on experience with playbook development in SOAR (Python/YAML)

- Deep knowledge of CIM alignment, index design, data onboarding, and ingestion hygiene

Cyber Security Expertise (Must-Have) :

- Strong understanding of network security, endpoint, logging, identity security, cloud security, vulnerability management

- Blue Teaming (Detection Engineering, IR workflows, alert triage, threat hunting)

- Red Teaming (attack simulation, APT TTPs, exploit knowledge, lateral movement)

- MITRE ATT&CK, cyber kill chain, Zero Trust, NIST CSF

- Strong knowledge of threat detection & anomaly detection frameworks

Technical Breadth :

Experience with at least 5 of the following preferred :

- Endpoint: CrowdStrike, Carbon Black, Defender

- Firewalls: Palo Alto, Cisco, Fortinet

- Cloud Security: AWS/Azure/GCP logging & analytics

- Threat Intel Platforms: MISP, Anomali

- Identity: Okta, Azure AD, Ping

- Vulnerability: Qualys, Tenable, Rapid7

- Other SIEM/SOAR platforms (QRadar, Sentinel, Arcsight, Exabeam)

Soft Skills & Leadership :

- Excellent communication and consulting skills

- Ability to run customer workshops independently

- Strong problem-solving and analytical thinking

- Ability to handle pressure and lead critical incident response

- Experience working in high-stakes enterprise environments

Qualifications :

Preferred Certifications (not mandatory but desirable) :

- Splunk Enterprise Security Admin

- Splunk SOAR Administrator / Consultant

- Splunk Core + Power User

- Splunk ITSI (good to have)

- CEH, OSCP, GCIA, GCIH, GCFA, Security+, CISSP (bonus)
