SOC Engineer - Splunk | Cribl - SC Cleared
Location: London (Hybrid - 2 days per week onsite)
Work Pattern: Hybrid - 2 days per week onsite in London
Duration: 6 months initially
Rate: £550 per day
IR35 Status: Outside IR35
Clearance: Active SC Clearance

Overview

This is an Outside IR35 contract - a genuinely attractive opportunity offering strong take-home pay for a specialist SOC Engineer with deep Splunk and Cribl expertise.

We are seeking an SOC Engineer to design, build and optimise the security data pipeline underpinning a UK public sector Security Operations Centre. This is a hands-on engineering role centred on Cribl Stream and Splunk Enterprise Security: you will own end-to-end log onboarding, shape and route telemetry through Cribl, and ensure high-quality, normalised data lands in Splunk to drive reliable detection.

Working alongside SOC analysts and wider engineering teams, you will improve detection coverage, control ingest cost, and support secure-by-design delivery within a complex, regulated government environment.

This is a hybrid contract based in London, with 2 days per week onsite, for an initial 6 months.

Key Responsibilities

Design, build and administer Cribl Stream pipelines, routes, packs and worker groups to filter, enrich, route and redact security telemetry before ingestion

Own end-to-end log onboarding across cloud (AWS, Azure, M365) and on-premises sources, including parsing, normalisation and Splunk Common Information Model (CIM) mapping

Optimise Splunk ingest volume and licence cost by .....