SR2 is supporting a mature Security Operations Centre (SOC) that delivers critical monitoring and response capabilities for a large-scale central government portfolio. We are seeking two experienced SOC Analysts (Level 2/3) with proven Splunk experience to join the team and help maintain the integrity, confidentiality and availability of sensitive systems and data, as well as to assist in the training and upskilling of the existing team.

This SOC provides a managed service that supports a growing number of government-aligned environments. Currently monitoring three tenants, the ambition is to scale this to eleven tenants over the next 12 months. The SOC processes 2TB of logs per day and operates 70 active use cases. The team and operating model are already well-established, with robust processes and mature ways of working in place.

Essential Skills & Experience:

• Experience in a Level 2 or Level 3 SOC role within a government, defence, or regulated environment
• Hands-on Splunk experience required, ideally including Splunk Enterprise Security
• Splunk Core Certified Power User certification is desirable but not essential. Equivalent experience is accepted where candidates demonstrate:
  • Ability to search and report using SPL
  • Creation and use of knowledge objects (field aliases, macros, event types, etc.)
  • Familiarity with the Common Information Model (CIM) and data normalisation principles
• Understanding of key log sources including Windows, Linux, firewalls, proxies, and cloud platforms
• Experience with SIEM rule tuning, alert triage workflows and SOC playbooks
• Excellent written and verbal communication skills, with the ability to write structured incident reports
• Active SC Clearance is mandatory