The Cyber Security Engineer plays a vital role in maintaining and optimising SOC tools and environments to ensure peak performance and visibility across MBDA's networks. The role focuses on Splunk optimisation, SOC automation, and the integration of emerging technologies to drive continuous improvement and resilience within our cyber ecosystem. Reporting to the Cyber Security Capability Manager, the engineer collaborates closely with engineers, analysts and other security stakeholders to meet the evolving challenges of the cyber threat landscape.
Responsibilities
- Act as the subject matter expert (SME) for Splunk across all cyber security and observability use cases.
- Lead SOC automation initiatives using scripting and SOAR tools, optimising processes through AI and ML technologies.
- Support alert tuning, connectivity, and visibility across monitored networks and infrastructure.
- Maintain and document SOC integrations, ensuring accurate configuration and performance visibility.
- Oversee SOC appliance maintenance, including patching, software updates, and certificate management.
- Support the creation and testing of playbooks, scripts, and automation workflows to enhance SOC efficiency.
- Track and coordinate upgrades and lifecycle refreshes of SOC tools in line with end-of-support timelines.
- Collaborate with Information Management teams to recover from service disruptions and enhance tool performance.
- Provide expert input at incident and problem management meetings, supporting remediation and recovery efforts.
- Contribute to proof‑of‑concept (POC) testing and integration of new security capabilities.
- Support the SOC during investigations by creating advanced queries and scripts to identify root causes or indicators of compromise (IOCs).
- Deputise for other Cyber Security Engineers during absences to ensure continuity of capability.
Qualifications
- Strong coding and scripting skills (PowerShell, Python, Regex).
- Proven experience working with APIs (HTTP/S, JSON).
- Hands‑on expertise with Splunk Enterprise Security, including upgrades, data ingestion, and optimisation.
- Experience with proxy administration, Windows (SMB) and *nix (NFS) storage, IIS configuration, and Active Directory/LDAP authentication.
- Proficiency in managing certificates, applying software updates, and supporting end‑of‑life refresh activities.
- Experience with VMware or Hyper‑V environments and virtual networking.
- Demonstrated capability in implementing and maintaining cyber security tooling.
- Familiarity with AI or machine learning for workflow and playbook optimisation.
Salary & Working Conditions
Salary: Circa £50,000 – £60,000 depending on experience.
Dynamic (hybrid) working: 2 days per week on‑site due to workload classification.
Security Clearance: British Citizen or a Dual UK national with British citizenship. Restrictions and/or limitations relating to nationality and/or rights to work may apply. All successful candidates will need to undergo HMG Basic Personnel Security Standard checks (BPSS).
Benefits
- Annual leave: 25 days per calendar year, plus all statutory and public holidays. Additional days added at 5, 10 and 15 years of service.
- Pension: employer and employee contribution up to 14% of salary.
- Overtime: opportunity for paid overtime.
- Flexi‑Leave: up to 15 additional days.
- Enhanced parental leave: up to 26 weeks for maternity, adoption and shared parental leave with additional enhancements for paternity, neonatal and fertility support.
- Flexible working arrangements are welcomed.
We are proud of our employee‑led networks, including Gender Equality, Pride, Menopause Matters, Parents & Carers, Armed Forces, Ethnic Diversity, Neurodiversity and Disability. We encourage applicants of all backgrounds to speak to us for any support or adjustments throughout our recruitment process.