Senior Cyber Security Splunk SME Full Time Permanent Fully onsite - Moorgate, London EC2Y £80-92K basic + benefits (5% pension, 25 days hols, life insurance, medical cover) Are you an experienced Splunk SME looking for a new challenge? Do you have a strong background in Splunk, IAM and SOAR with a high-level understanding of wider Splunk ecosystem, along with Incident Management, Python and Powershell skills? Here at ARM, we are recruiting for a full time permanent Splunk SME for a global IT services and consultancy client of ours. Our client: They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. They're a rapidly growing, people-first technology organisation and part of a $1B global service provider delivering end-to-end IT Outsourcing (ITO) and Cyber Defence services to clients across the UK and beyond. Within their Security Practice, they provide a range of services including Managed Detection and Response (MDR), Vulnerability Management, Penetration Testing, Incident Response, and consultancy led Security Advisory services. You'll be joining a team that values learning, celebrates innovation, and supports your career journey every step of the way. The Opportunity: We are looking for a skilled Splunk Specialist to deliver end-to-end Splunk engagements, helping clients build and enhance their security monitoring capabilities. You will lead the full project lifecycle, from requirements gathering and stakeholder engagement through to data onboarding, alert development, and dashboard creation, ensuring solutions are aligned to both business and security objectives. You will bring strong hands-on experience with Splunk Enterprise Security and a proven track record in delivering cybersecurity projects. This includes designing and implementing detection use cases, tuning alerts, and developing dashboards that provide clear, actionable insights for security operations teams. Experience with SOAR and UEBA technologies is advantageous but not essential. This role suits someone who enjoys working in a client-facing environment, solving complex challenges, and contributing to the ongoing evolution of modern Security Operations Centres. What You'll Be Doing: Design, build, and continuously enhance detection capabilities within Splunk across Linux and Windows environments, including log onboarding, normalisation, and enrichment Develop and maintain high-quality detection content such as correlation searches and risk-based alerting within Splunk Enterprise Security Write and optimise complex queries to support threat detection, proactive threat hunting, and anomaly identification Map detection logic to adversary behaviours using the MITRE ATT&CK Framework, ensuring effective coverage of tactics, techniques, and procedures Work with the wider Splunk ecosystem, including tools like TrackMe, and contribute to automation and orchestration initiatives (including exposure to SOAR where applicable) Leverage scripting languages such as Python and PowerShell to automate detection logic, enrich data, and integrate with security workflows Provide mentorship and technical guidance to junior engineers, particularly on Splunk backend activities such as data ingestion, parsing, indexing, and troubleshooting Collaborate closely with SOC analysts, incident responders, and global engineering teams to improve detection and response capabilities Apply strong analytical and problem-solving skills to translate threat intelligence into actionable detection use cases and continuously improve security operations What We're Looking For: Essential: Experience working on multiple projects with broad scope, ambiguity, and a high degree of difficulty Demonstrable proficiency across a wide range of IT and cybersecurity technologies Strong knowledge of key cybersecurity domains, including Identity and Access Management and Incident Management High-level analytical ability to solve unusual and complex problems Ability to maintain up-to-date working knowledge of cybersecurity principles and best practices Experience in senior stakeholder management and providing clear, relevant management reporting, professional communication - written and verbal. Eligibility to work in the UK. Desirable: Experience in technology projects such as cyber infrastructure implementation or replacement initiatives Understanding of global program structures, launch plans, timing, and ownership Ability to coach and mentor team members through knowledge transfer and constructive feedback Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
Apr 28, 2026
Full time
Senior Cyber Security Splunk SME Full Time Permanent Fully onsite - Moorgate, London EC2Y £80-92K basic + benefits (5% pension, 25 days hols, life insurance, medical cover) Are you an experienced Splunk SME looking for a new challenge? Do you have a strong background in Splunk, IAM and SOAR with a high-level understanding of wider Splunk ecosystem, along with Incident Management, Python and Powershell skills? Here at ARM, we are recruiting for a full time permanent Splunk SME for a global IT services and consultancy client of ours. Our client: They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. They're a rapidly growing, people-first technology organisation and part of a $1B global service provider delivering end-to-end IT Outsourcing (ITO) and Cyber Defence services to clients across the UK and beyond. Within their Security Practice, they provide a range of services including Managed Detection and Response (MDR), Vulnerability Management, Penetration Testing, Incident Response, and consultancy led Security Advisory services. You'll be joining a team that values learning, celebrates innovation, and supports your career journey every step of the way. The Opportunity: We are looking for a skilled Splunk Specialist to deliver end-to-end Splunk engagements, helping clients build and enhance their security monitoring capabilities. You will lead the full project lifecycle, from requirements gathering and stakeholder engagement through to data onboarding, alert development, and dashboard creation, ensuring solutions are aligned to both business and security objectives. You will bring strong hands-on experience with Splunk Enterprise Security and a proven track record in delivering cybersecurity projects. This includes designing and implementing detection use cases, tuning alerts, and developing dashboards that provide clear, actionable insights for security operations teams. Experience with SOAR and UEBA technologies is advantageous but not essential. This role suits someone who enjoys working in a client-facing environment, solving complex challenges, and contributing to the ongoing evolution of modern Security Operations Centres. What You'll Be Doing: Design, build, and continuously enhance detection capabilities within Splunk across Linux and Windows environments, including log onboarding, normalisation, and enrichment Develop and maintain high-quality detection content such as correlation searches and risk-based alerting within Splunk Enterprise Security Write and optimise complex queries to support threat detection, proactive threat hunting, and anomaly identification Map detection logic to adversary behaviours using the MITRE ATT&CK Framework, ensuring effective coverage of tactics, techniques, and procedures Work with the wider Splunk ecosystem, including tools like TrackMe, and contribute to automation and orchestration initiatives (including exposure to SOAR where applicable) Leverage scripting languages such as Python and PowerShell to automate detection logic, enrich data, and integrate with security workflows Provide mentorship and technical guidance to junior engineers, particularly on Splunk backend activities such as data ingestion, parsing, indexing, and troubleshooting Collaborate closely with SOC analysts, incident responders, and global engineering teams to improve detection and response capabilities Apply strong analytical and problem-solving skills to translate threat intelligence into actionable detection use cases and continuously improve security operations What We're Looking For: Essential: Experience working on multiple projects with broad scope, ambiguity, and a high degree of difficulty Demonstrable proficiency across a wide range of IT and cybersecurity technologies Strong knowledge of key cybersecurity domains, including Identity and Access Management and Incident Management High-level analytical ability to solve unusual and complex problems Ability to maintain up-to-date working knowledge of cybersecurity principles and best practices Experience in senior stakeholder management and providing clear, relevant management reporting, professional communication - written and verbal. Eligibility to work in the UK. Desirable: Experience in technology projects such as cyber infrastructure implementation or replacement initiatives Understanding of global program structures, launch plans, timing, and ownership Ability to coach and mentor team members through knowledge transfer and constructive feedback Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
PRINCIPAL CYBERSECURITY ENGINEER SC Cleared - UK Only - (Sponsorship is unavailable) you must hold SC Clearance.Provide expert advice on the defences against cyber threats, data breaches, and emerging risks. This includes offering guidance on the selection, design, justification, implementation, and operational management of cybersecurity strategies, technologies, and standards. Contribute to the development and refinement of controls and processes to ensure the safety, confidentiality, integrity, availability, and overall security of data stored on systems. You will be responsible for identifying gaps in existing cybersecurity policies and procedures and, in collaboration with security, network, information governance, and technical leads, developing new measures to address these gaps. KEY RESPONSIBILITIES: You will work closely with system and service owners, as well as internal and external stakeholders, to design, implement, and enforce appropriate protective and detective security controls, policies, and procedures. The role includes the administration and operational management of security tooling and SIEM platforms, with responsibility for monitoring, detecting, and responding to cyber threats, intrusions, and unauthorised or suspicious activity. This includes Microsoft Sentinel (data and source tuning, creation and maintenance of workbooks and connectors, and threat intelligence review), Microsoft Defender for Endpoint and Defender for Cloud, and Darktrace, including system and model tuning, email module management, and configuration of autonomous response actions. You will be responsible for incident response activities, including triaging security alerts, investigating incidents, coordinating escalation and remediation, and conducting root cause analysis. You must be able to communicate effectively about security incidents and cyber risks to both technical and non-technical stakeholders. The role works closely with the Security Operations Centre (SOC) partner, supporting the assessment and investigation of alerts and contributing to the development and refinement of incident response plans and playbooks. You will support vulnerability management activities, including vulnerability assessments, annual audits, and penetration testing. This includes preparing and presenting incident, threat, and compliance reporting to stakeholders at all levels, including compiling a monthly SIRO report. Continuous improvement is a core responsibility. You will conduct post-incident reviews, recommend control and process improvements, and contribute to the creation and maintenance of cybersecurity governance documentation. You will also research emerging cyber threats and mitigation strategies and provide reports or presentations to senior stakeholders as required. The role supports cybersecurity training and awareness initiatives, promoting a strong security culture and helping to upskill colleagues in cybersecurity best practices. You will also collaborate with solution architects and project teams to ensure security is embedded into system and application designs, supporting secure architecture and delivery from the outset. Compliance & Framework Alignment: Ensure security operations align with regulatory standards and frameworks such as NIST, ISO 27001, and NCSC CAF. Person SpecificationEssential: Demonstrated experience with Microsoft Sentinel, Microsoft Defender for Endpoint/Cloud SIEM tools, threat intelligence platforms, and vulnerability management. Technical experience securing Microsoft Azure and Amazon Web Services cloud environments as well as on-premise/virtual Microsoft technologies. Strong analytical, communication, and problem-solving skills, including the ability to produce clear technical and non-technical reports. Ability to analyse and interpret security events/logs and perform remediation work to address security issues. Desirable: Recognised cybersecurity certifications (e.g., CompTIA Security+, CEH, GIAC, CISSP). Experience with DarkTrace Qualifications Bachelor's degree in Cybersecurity or Computer Science Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
Apr 21, 2026
Full time
PRINCIPAL CYBERSECURITY ENGINEER SC Cleared - UK Only - (Sponsorship is unavailable) you must hold SC Clearance.Provide expert advice on the defences against cyber threats, data breaches, and emerging risks. This includes offering guidance on the selection, design, justification, implementation, and operational management of cybersecurity strategies, technologies, and standards. Contribute to the development and refinement of controls and processes to ensure the safety, confidentiality, integrity, availability, and overall security of data stored on systems. You will be responsible for identifying gaps in existing cybersecurity policies and procedures and, in collaboration with security, network, information governance, and technical leads, developing new measures to address these gaps. KEY RESPONSIBILITIES: You will work closely with system and service owners, as well as internal and external stakeholders, to design, implement, and enforce appropriate protective and detective security controls, policies, and procedures. The role includes the administration and operational management of security tooling and SIEM platforms, with responsibility for monitoring, detecting, and responding to cyber threats, intrusions, and unauthorised or suspicious activity. This includes Microsoft Sentinel (data and source tuning, creation and maintenance of workbooks and connectors, and threat intelligence review), Microsoft Defender for Endpoint and Defender for Cloud, and Darktrace, including system and model tuning, email module management, and configuration of autonomous response actions. You will be responsible for incident response activities, including triaging security alerts, investigating incidents, coordinating escalation and remediation, and conducting root cause analysis. You must be able to communicate effectively about security incidents and cyber risks to both technical and non-technical stakeholders. The role works closely with the Security Operations Centre (SOC) partner, supporting the assessment and investigation of alerts and contributing to the development and refinement of incident response plans and playbooks. You will support vulnerability management activities, including vulnerability assessments, annual audits, and penetration testing. This includes preparing and presenting incident, threat, and compliance reporting to stakeholders at all levels, including compiling a monthly SIRO report. Continuous improvement is a core responsibility. You will conduct post-incident reviews, recommend control and process improvements, and contribute to the creation and maintenance of cybersecurity governance documentation. You will also research emerging cyber threats and mitigation strategies and provide reports or presentations to senior stakeholders as required. The role supports cybersecurity training and awareness initiatives, promoting a strong security culture and helping to upskill colleagues in cybersecurity best practices. You will also collaborate with solution architects and project teams to ensure security is embedded into system and application designs, supporting secure architecture and delivery from the outset. Compliance & Framework Alignment: Ensure security operations align with regulatory standards and frameworks such as NIST, ISO 27001, and NCSC CAF. Person SpecificationEssential: Demonstrated experience with Microsoft Sentinel, Microsoft Defender for Endpoint/Cloud SIEM tools, threat intelligence platforms, and vulnerability management. Technical experience securing Microsoft Azure and Amazon Web Services cloud environments as well as on-premise/virtual Microsoft technologies. Strong analytical, communication, and problem-solving skills, including the ability to produce clear technical and non-technical reports. Ability to analyse and interpret security events/logs and perform remediation work to address security issues. Desirable: Recognised cybersecurity certifications (e.g., CompTIA Security+, CEH, GIAC, CISSP). Experience with DarkTrace Qualifications Bachelor's degree in Cybersecurity or Computer Science Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at hays.co.uk
Our client, a leading organisation within the defence and advanced technology sector, is seeking a Product Cyber Security Specialist to support the delivery of secure, mission critical systems. This role offers the opportunity to work across complex engineering programmes, contributing to the protection and resilience of advanced defence platforms. The Role As a Product Cyber Security Specialist, you will provide cyber security expertise across the full systems engineering lifecycle. Working closely with engineering and delivery teams, you will support the identification, assessment and management of cyber risks, ensuring security is embedded throughout product development. You will also contribute to the ongoing development of product cyber security capabilities, including the use of automation and emerging technologies to enhance assurance processes. Key Responsibilities Support and enhance automation of cyber security risk and vulnerability assessment activities, including the use of advanced technologies Provide cyber security expertise across the product systems engineering lifecycle Maintain and manage cyber security risk artefacts, ensuring accuracy and consistency Provide timely technical guidance to engineering and delivery teams Plan cyber security activities and contribute to project estimates and planning Support delivery of proportionate and effective cyber security approaches across programmes Contribute to the development and continuous improvement of cyber security capability Essential Requirements Degree in Engineering, Computer Science, Cyber Security, or equivalent experience Strong background in cyber security and/or engineering environments Interest in cyber security within industrial control systems or operational technology Experience working with engineering or cyber design data Awareness of industrial control systems environments Knowledge of cyber security frameworks such as NIST CSF Experience in threat modelling using frameworks such as MITRE ATT&CK, DEF3ND or EMB3D Experience in cyber security risk management Familiarity with vulnerability, patch and update management processes Desirable Skills Understanding of Secure by Design principles aligned to UK MOD standards (e.g. DEFSTAN 05-139, DEFSTAN 05-138) Familiarity with ISA/IEC 62443 Experience or certifications relating to operational technology or industrial control systems This is an opportunity to join a well established organisation delivering advanced solutions within the defence sector. The role offers strong potential for professional development and involvement in high impact, technically challenging programmes.
Apr 15, 2026
Full time
Our client, a leading organisation within the defence and advanced technology sector, is seeking a Product Cyber Security Specialist to support the delivery of secure, mission critical systems. This role offers the opportunity to work across complex engineering programmes, contributing to the protection and resilience of advanced defence platforms. The Role As a Product Cyber Security Specialist, you will provide cyber security expertise across the full systems engineering lifecycle. Working closely with engineering and delivery teams, you will support the identification, assessment and management of cyber risks, ensuring security is embedded throughout product development. You will also contribute to the ongoing development of product cyber security capabilities, including the use of automation and emerging technologies to enhance assurance processes. Key Responsibilities Support and enhance automation of cyber security risk and vulnerability assessment activities, including the use of advanced technologies Provide cyber security expertise across the product systems engineering lifecycle Maintain and manage cyber security risk artefacts, ensuring accuracy and consistency Provide timely technical guidance to engineering and delivery teams Plan cyber security activities and contribute to project estimates and planning Support delivery of proportionate and effective cyber security approaches across programmes Contribute to the development and continuous improvement of cyber security capability Essential Requirements Degree in Engineering, Computer Science, Cyber Security, or equivalent experience Strong background in cyber security and/or engineering environments Interest in cyber security within industrial control systems or operational technology Experience working with engineering or cyber design data Awareness of industrial control systems environments Knowledge of cyber security frameworks such as NIST CSF Experience in threat modelling using frameworks such as MITRE ATT&CK, DEF3ND or EMB3D Experience in cyber security risk management Familiarity with vulnerability, patch and update management processes Desirable Skills Understanding of Secure by Design principles aligned to UK MOD standards (e.g. DEFSTAN 05-139, DEFSTAN 05-138) Familiarity with ISA/IEC 62443 Experience or certifications relating to operational technology or industrial control systems This is an opportunity to join a well established organisation delivering advanced solutions within the defence sector. The role offers strong potential for professional development and involvement in high impact, technically challenging programmes.
