Group Policy can be used to deploy the changes you need, but IIRC the changes themselves are not trivial. Some hints that all lead to the same non-trivial answer are here, here, here and here. Those all seem to refer to server 2003 and 2008, a cursory search for 2012 isn't clear whether it's different or not, but surely more searching will help that. I found this powershell script which does something that may help you figure out what you need, too.

A bigger note - the only things I know about your various teams structure is the tiny little bit you wrote above, but it seems to me that the security team responsible for declaring that the Splunk UF must run under a non-privileged account should be responsible for assigning permissions to the account they'd like you to use. You should only have to request that the account they install the UF under have read permission to the Security Event Log. "If you'd like me to collect the event logs as a non-privileged user, please provide a non-privileged user account that has read permission to the Security Event Log". 🙂

One other potential option that may sideskirt this issue: You could use Windows' built in Event Log Forwarding to forward all those event log entries you want to a central event server. On THAT server you could run a UF as a local admin and grab all those forwarded events. That's a bit finicky to get set up, but frankly I think it may be less finicky than trying to change permissions on the security event logs.