Splunk Engineer / Security Architect Location: Hybrid - Remote with up to 2 days/week in Contract Duration: 9 months (192 working days) Active SC clearance requiredRole OverviewWe are seeking an experienced Splunk Engineer / Security Architect to lead strategic and tactical improvements to the SIEM and associated components across a large-scale hybrid security environment. You''ll play a pivotal role in enhancing monitoring capabilities, driving SIEM convergence, and supporting the maturity of security operations.This role is aligned to a national programme improving the government''s ability to detect and respond to cyber threats across multiple portfolios. You''ll work alongside the SIEM Product Owner and CSOC teams to define and deliver architectural and engineering enhancements using Splunk SaaS and related technologies.Key ResponsibilitiesProduce and maintain architecture diagrams, high- and low-level design documentationLead configuration of Splunk and associated infrastructure (AWS EC2, S3, SQS, etc.)Drive use case development aligned with CSOC and MITRE ATTandCK frameworkAttend and represent the project at key technical forums (ADF, TDA, workshops)Deliver improvements to SIEM architecture, use cases, automation, and data enrichmentImprove onboarding processes for directorates and manage onboarding QALead integration of SOAR, Attack Analyzer, and other tooling into operational useStandardise collection tier components using Infrastructure as Code (IaC) where possibleE