SIEM Security Engineer

For ourInvestment Bank Technologydivision inLondon,we are looking to hire a:

We are seeking an experienced Splunk Engineer (very much with a DevOps mindset) to join our Berenberg’s Investment Banking Technology department. They will be expected to closely collaborate with a wide range of different teams (infrastructure, development, InfoSec etc). This role is responsible for designing, implementing, and maintaining our Splunk environment, ensuring the effective monitoring and security of financial systems and data. The ideal candidate will have a solid background in data analysis and cybersecurity. They will be working alongside our IT security and analytics teams to drive insights, improve operational efficiencies, and ensure compliance with regulatory requirements.

What will you do?

• Extensive experience in designing and implementing Splunk use cases specifically tailored to the unique needs of financial services, such as fraud detection, transaction monitoring, and regulatory compliance. This includes understanding business requirements and translating them into actionable Splunk use cases that support business goals and security objectives. The engineer should have a track record of collaborating with stakeholders to identify critical event data, determine relevant KPIs, and set up dashboards, reports, and alerts that provide meaningful insights to operations and security teams.
• Skilled in the end-to-end process of onboarding various log sources into Splunk, with a focus on diverse financial systems, security devices, network appliances, and cloud environments. This includes expertise in data extraction, transformation, and loading (ETL) processes, ensuring that log data is parsed, normalized, and enriched to enable comprehensive monitoring. The engineer should be proficient in working with various protocols (e.g., Syslog, HTTP Event Collector) and have a deep understanding of financial data formats and log structures to ensure compatibility with Splunk's data models.

Monitoring and Detection Tuning:Demonstrated ability to configure, fine-tune, and optimize Splunk's monitoring and detection capabilities to provide highly accurate alerts for security events, performance issues, and other anomalies. This includes experience with developing custom correlation rules, leveraging machine learning models, and minimizing false positives to allow teams to focus on genuine threats. The engineer should understand the types of threats prevalent in the financial sector (e.g., insider threats, phishing attacks, DDoS) and be able to adjust Splunk's configuration to address these specific risks effectively.

Incident Response Support:Proven ability to collaborate with incident response (IR) teams and provide actionable insights during security incidents. This includes creating queries and dashboards in Splunk to investigate root causes, trace attack vectors, and assess the scope of incidents. The engineer should be able to assist with forensic analysis by identifying patterns, generating timelines, and producing detailed reports on security incidents. Their support helps the IR team contain threats quickly and reduce overall incident response time, while also providing lessons learned for future preventive measures.

Collaboration with SOC & IT Teams:Effective at working closely with Security Operations Center (SOC) analysts, IT security teams, and other technical groups to ensure Splunk’s configuration aligns with broader security and operational objectives. This includes active participation in threat-hunting exercises, feedback loops with SOC for continual alert refinement, and contributing to team knowledge sharing. The engineer should provide technical guidance on how to maximize Splunk’s capabilities, offering training and documentation to help other team members leverage Splunk in ongoing threat detection, compliance tracking, and performance monitoring efforts.

• Expertise in Splunk Enterprise, including administration, configuration, and maintenance.
• Proficiency with query languages (e.g., SPL) for data search, correlation, and analytics and Bash scripting, Linux, Python.
• Strong understanding of cybersecurity principles and practices, especially in the context of financial services.
• Knowledge of regulatory standards (e.g., PCI DSS, SOX, GLBA) affecting financial institutions.
• Strong experience working with incident response teams, providing Splunk-based insights and actionable data during security incidents, including root cause analysis and forensic investigations.
• Exposure to working with security and network operations teams.
• Experience with Privilege Access Management solutions.
• Incident Management process understanding.
• Experience in capacity management concepts and implementations.
• Experience with Containers (Docker) and Kubernetes.

What we offer you:

• Private pension plan - 10% of base salary contribution by Berenberg.
• Life Insurance scheme.
• Flexible working hours.
• Enhanced parental leave policies.
• Employee Assistance Programme offering counselling sessions related to mental health, financial wellbeing, and other topics.

Apply online now to join our team –we look forward to receiving your application!

We provide opportunities for them to develop their talents, explore different career paths and achieve their full potential. We’re an ambitious, forward-looking business, backed by centuries of tradition and built on innovation. You’ll find a culture that encourages people to think independently, act entrepreneurially and challenge the status quo. Together we collaborate to shape our business and fulfill our ambitious goals. We welcome you to join us in our commitment to always do the right thing for our people, clients and our business – Our future is where you take us!

We’re committed to finding reasonable accommodations for candidates who require adjustments during our recruiting process. Please contact us directly on to discuss.

#J-18808-Ljbffr