Consultant / Senior Consultant - Cybersecurity Operation Centre (Splunk Engineer) - Tech Consulting
Job description
What if we didn’t focus on who you are now, but who you could become?
Here at EY, you will have the chance to build a career as unique as you are, with the global scale, support, inclusive culture and technology to become the best version of you. Join us and build an exceptional experience for yourself, and a better working world for all.
The exceptional EY experience. It's yours to build.
The opportunity: your next adventure awaits
The Technology Consulting business is a fast-growing sub-service line within EY’s Consulting service line: a dynamic group focused on providing high-value, independent, trusted advice to clients, with a focus on transformation programmes.
EY works with clients in creating value and delivering world-class Digital, Data & IT capabilities to support business needs. Working closely with our industry groups and leveraging the EY brand as independent, trusted advisors, we provide our high-profile clients with a range of services.
We are seeking a skilled Splunk Engineer to join our cybersecurity and observability team. The candidate should have hands-on experience managing the complete Splunk lifecycle, including migrations, platform optimization, use case development, and deep integration with EDR/XDR and SOAR platforms such as SentinelOne and Cisco XDR.
The role spans AWS environments, endpoint security, threat detection, and automated response, delivering advanced SOC and observability capabilities in a 24×7 operational environment.
Key Responsibilities
- Own and execute Splunk migration projects from on-premises to Splunk Cloud (SaaS), ensuring minimal disruption, scalability, and adherence to Splunk best practices.
- Design, implement, and maintain Splunk security and observability use cases, dashboards, reports, and alerts for SOC, threat hunting, and IT operations.
- Integrate Splunk with SentinelOne (Singularity Platform) for EDR/XDR telemetry ingestion, advanced correlation, and endpoint-driven threat detection and response.
- Correlate SentinelOne alerts, behavioral detections, storyline data, and endpoint telemetry with Splunk Enterprise Security for enhanced investigation and threat hunting.
- Integrate Splunk with UEBA, AI-driven analytics, Wazuh, SentinelOne, Cisco XDR/SOAR, and other security tools to enable end-to-end detection and response.
- Develop and maintain correlation searches, risk-based alerting (RBA), and ES notable events leveraging endpoint, network, cloud, and identity data.
- Perform Splunk platform administration, including installation, upgrades, performance tuning, index/storage optimization, and troubleshooting.
- Design and maintain custom parsers, field extractions, lookups, and CIM-compliant normalization for diverse log sources, including endpoint and EDR data.
- Onboard and manage AWS security and operational logs (CloudTrail, GuardDuty, VPC Flow Logs, ELB/ALB, CloudWatch, Security Hub) into Splunk.
- Develop and document SOAR/XDR playbooks integrating Splunk with SentinelOne and Cisco XDR for automated containment, isolation, remediation, and enrichment.
- Collaborate with SOC, IR, and IT teams to identify detection gaps and create custom security use cases aligned with business and risk priorities.
- Provide guidance and enablement to L1/L2 SOC analysts on Splunk, SentinelOne alert triage, investigations, and response workflows.
- Maintain documentation including architecture diagrams, SOPs, onboarding guides, and runbooks.
- Stay current with Splunk, SentinelOne, XDR/EDR trends, and emerging threat techniques (MITRE ATT&CK).
Skills & Qualifications
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
- Strong experience with Splunk Enterprise and/or Splunk Cloud (SaaS), including architecture, deployment, and migrations.
- Hands-on experience integrating SentinelOne EDR/XDR with SIEM platforms (Splunk), including API-based ingestion and alert correlation.
- Solid understanding of endpoint security concepts, malware behavior, ransomware detection, lateral movement, and persistence techniques.
- Experience with Wazuh, UEBA, AI/ML-driven analytics, and security data enrichment.
- Proficiency in log ingestion, indexing, SPL searches, dashboards, correlation rules, alerts, and knowledge objects.
- Experience with Splunk Enterprise Security (ES) and risk-based alerting models.
- Hands-on experience ingesting and analyzing AWS cloud security logs in Splunk.
- Familiarity with Cisco security ecosystem, including Umbrella, Secure Firewall, Secure Endpoint, Cisco XDR, SOAR playbooks, SecureX.
- Understanding of networking, operating systems (Windows/Linux), and SOC operations.
- Splunk certifications (Core, ES, Cloud Admin) and SentinelOne or XDR-related certifications are a strong plus.
Soft Skills
- Strong analytical, investigative, and problem-solving skills.
- Ability to translate technical detections into actionable SOC outcomes.
- Excellent communication and collaboration skills across SOC, IR, and IT teams.
- Comfortable working in a fast-paced, 24/7 SOC environment.
- Proactive mindset with a focus on automation, detection maturity, and continuous improvement.
Desired Experience
- 3–5 years of experience in Splunk administration, security engineering, or SOC analytics.
- Proven experience with Splunk Cloud migrations, SaaS management, or large-scale deployments.
- Hands-on experience integrating SentinelOne with SIEM/SOAR for endpoint detection, automated containment, and investigation workflows.
- Experience creating security use cases and SOAR/XDR playbooks using Splunk ES, SentinelOne, and Cisco XDR.
- Exposure to threat hunting, incident response, and MITRE ATT&CK–aligned detections.
What we look for
If you’re a natural leader, with a talent for motivating individuals, building relationships, and solving complex client problems, we’re interested in you. You’ll need to be ready to listen and confident in challenging the status quo. Top performers in this role will have strong experience contributing content to pursuits, collaboratively structuring work, managing teams, developing reusable collateral, and experience working with client executives.
If you have a genuine passion for helping businesses achieve their full potential, this role is for you.
If you have the confidence to speak up and influence a team that affects big businesses worldwide, this role is for you.
What working at EY offers
At EY, our Total Rewards package supports our commitment to creating a leading people culture - built on high-performance teaming - where everyone can achieve their potential and contribute to building a better working world for our people, our clients, and our communities. It's one of the many reasons we repeatedly win awards for being a great place to work.
We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development. Plus, we offer:
- Support, coaching, and feedback from some of the most engaging colleagues around.
- Opportunities to develop new skills and progress your career.
- The freedom and flexibility to handle your role in a way that’s right for you.
EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.
About EY
As a global leader in Assurance, Consulting, Strategy and Transactions, and Tax, we hire and develop the most passionate people in their field to help build a better working world. This starts with a culture that believes in giving you the training, opportunities, and creative freedom to make things better, so that whenever you join, however long you stay, the exceptional EY experience lasts a lifetime. And with a commitment to hiring and developing the most passionate people, we’ll make our ambition to be the best employer a reality.
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
EY recommends that applicants read our privacy statement prior to completing the pre-application form above: https://www.ey.com/en_gl/privacy-statement
Join us in Shaping the future with confidence. Apply now.
Only shortlisted candidates will be contacted.