Consultant / Senior Consultant – Cybersecurity Operations Centre (Splunk Engineer)

About the role

EY is looking for a skilled Splunk Engineer to join its Cybersecurity Operations Centre. You will work on end‑to‑end Splunk lifecycle projects, integrate security tools, and support a 24×7 SOC environment across AWS and on‑premise landscapes.

Key responsibilities

• Lead Splunk migration projects from on‑premises to Splunk Cloud (SaaS) while ensuring minimal disruption and scalability.
• Design, implement and maintain security and observability use cases, dashboards, reports and alerts for SOC, threat hunting and IT operations.
• Integrate Splunk with SentinelOne, Cisco XDR/SOAR and other security platforms for telemetry ingestion, correlation and automated response.
• Develop and maintain correlation searches, risk‑based alerting and notable events using endpoint, network, cloud and identity data.
• Perform Splunk platform administration, including installation, upgrades, performance tuning, index/storage optimisation and troubleshooting.
• Create custom parsers, field extractions, lookups and CIM‑compliant normalisation for diverse log sources.
• Onboard and manage AWS security and operational logs (CloudTrail, GuardDuty, VPC Flow Logs, ELB/ALB, CloudWatch, Security Hub) into Splunk.
• Document and develop SOAR/XDR playbooks that integrate Splunk with SentinelOne and Cisco XDR for automated containment and isolation.

Required profile

• Hands‑on experience managing the full Splunk lifecycle, including migrations and platform optimisation.
• Proven ability to design and implement security use cases and dashboards for SOC environments.
• Experience integrating Splunk with EDR/XDR and SOAR solutions such as SentinelOne and Cisco XDR.
• Familiarity with AWS security services and log sources.
• Ability to work in a 24×7 operational environment and collaborate with cross‑functional teams.

Required skills

• Splunk (Splunk Cloud, Splunk Enterprise Security)
• SentinelOne (Singularity Platform)
• Cisco XDR / SOAR
• AWS services: CloudTrail, GuardDuty, VPC Flow Logs, ELB/ALB, CloudWatch, Security Hub
• UEBA and AI‑driven analytics
• Wazuh

What we offer

• Opportunity to work with a global leader in professional services.
• Access to cutting‑edge cybersecurity technologies and large‑scale transformation projects.
• Inclusive culture and continuous learning environment.