Splunk Engineer - Cribl (NV1)

ROBERT WALTERS AUSTRALIA

Council of the City of Sydney

Remote

AUD 80,000 - 100,000

Full time

2 days ago

Job summary

A leading recruitment firm is seeking a Cyber Security Engineer for a long-term contract role based remotely. The ideal candidate will have over 5 years of experience in security operations and data engineering, specifically with SIEM platforms like Splunk. The role involves designing data pipelines, optimizing Security Data Lakes, and supporting SOC onboarding workflows. Competitive hourly rate offered between AUD120 and AUD138 plus superannuation.

Qualifications

  • 5+ years’ experience in security operations engineering, SIEM, or data platforms.
  • Expertise in log ingestion, schema transformation, and distributed systems.
  • Proven experience with security data pipelines like Cribl or Logstash.

Responsibilities

  • Design and implement security data pipelines.
  • Architect and optimize Security Data Lakes.
  • Manage and configure SIEM platforms.

Skills

Security operations engineering
Data engineering
SIEM platforms
Scripting skills (Python, SQL, PowerShell)
Cloud environments (AWS, Azure, GCP)
Documenting and communicating effectively

Tools

Splunk
AWS Security Lake
Cribl Stream
Microsoft Sentinel

Job description

Overview

Long-term contract to utilise strong Splunk and Cribl skills in an NV1 cleared environment. Experience with Splunk Phantom/SOAR highly desirable.

You will be working across different projects from a Splunk perspective, on use case development, log ingestion setup and, in some cases, the setup and build of a Splunk SIEM.

This role can be based anywhere across Australia, but you will be working on East Coast time zones. The interview process is quick: one round, two at most, with no DIY/take-home tasks.

This role requires deep expertise in modern security data architectures, large-scale log ingestion, data transformation, and federated search across SIEM and Data Lake platforms. You will help design, implement, and optimise scalable logging and SOC integration architectures to deliver cost efficiency, operational resilience, and readiness for next-gen SOC operations.

Aboriginal and Torres Strait Islander Peoples are encouraged to apply. To apply please click apply or call Paolo Paparo on 02 8289 3150 for a confidential discussion.

Key Responsibilities
  • Design and implement security data pipelines (e.g., Cribl, Splunk DMX, Kafka-based pipelines).
  • Architect and optimise Security Data Lakes (AWS Security Lake, Snowflake, Delta Lake).
  • Configure and manage SIEM platforms (Splunk, Microsoft Sentinel, or equivalent).
  • Develop log rationalisation, enrichment, suppression, and parsing strategies.
  • Build and manage data ingestion frameworks, schema management, and ETL/ELT pipelines.
  • Enable federated search and cross-platform analytics across SIEMs and data lakes.
  • Support SOC onboarding by integrating SIEM pipelines with SOAR, TI, and case management systems.
  • Conduct readiness validation and performance benchmarking of logging and SOC onboarding architectures.
  • Provide knowledge transfer, documentation, and operational playbooks.

Required Skills & Experience
  • 5+ years’ experience in security operations engineering, SIEM, or data platforms.
  • Data engineering expertise in log ingestion, schema transformation, and distributed systems.
  • Strong expertise with at least one security data pipeline (Cribl Stream, Splunk DMX, Fluentd, Logstash).
  • Hands-on experience with data lakes (AWS Security Lake, Snowflake, Microsoft Fabric, or Delta Lake).
  • Proficiency in SIEM platforms (Splunk Cloud/Enterprise Security, Microsoft Sentinel).
  • Strong scripting and automation skills (Python, SQL, PowerShell).
  • Familiarity with cloud environments (AWS, Azure, GCP).
  • Strong experience with SOC onboarding workflows and integrations (ticketing, SOAR, TI).
  • Excellent communication and documentation skills.

Job Details

Contract Type: Contract

Focus: Cyber Security & Risk

Salary: AUD120 - AUD138 per hour + incl. super (or plus GST)

Workplace Type: Remote

Experience Level: Mid Management

Location: Sydney

Job Reference: 06GTAH-8F3F8ABE

Date posted: 10 October 2025
