Security Engineer / Use Case Content Development – SC Cleared

  • London
  • Contract
  • Consulting
  • GBP400 - 500 per year

SR2 are supporting a key consulting client who are looking for a Splunk Security Engineer specialising in Use Case Content Development to support a major public sector security programme. Sitting within an intelligence-led SOC team, this role focuses on developing, testing, and tuning detection content in Splunk, based on real-world threat models.

The successful candidate will help address a current capability gap by taking ownership of the full content development lifecycle—from use case intake to tested logic—freeing up existing capacity and driving operational effectiveness.

Key Responsibilities

  • Turn defined use cases and threat scenarios into actionable detection logic in Splunk.
  • Develop, tune, and validate correlation searches, alerts, and dashboards.
  • Operate within a continuous feedback loop: threat modelling → use case → detection logic → tuning.
  • Collaborate with the existing SOC team to implement and test new detections.
  • Help refine processes and contribute to improving detection coverage and performance.

Essential Experience

  • Strong hands-on experience with Splunk (Enterprise Security preferred), particularly in building and tuning security content.
  • Ability to translate threat behaviours and incident data into logical, actionable detection use cases.
  • Comfortable working in agile and high-volume environments (multi-tenant SOC, cloud-first).
  • Experience supporting a SOC or cyber defence function with content engineering or detection logic.
  • Current SC clearance.

Context

  • This role supports a mature, delivery-focused SecOps team working beneath a central government SOC estate.
  • The programme is onboarding new tenants and scaling log volumes significantly.
  • There is currently one individual covering multiple detection roles—this hire will help relieve pressure and bring focus to use case content development.