Back to search
Anson McCade Linkedin · Posted 3d ago

SIEM Engineer

United Kingdom

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Location(s): UK (Guildford or Frimley)

Working Arrangements: Hybrid and flexible working options available


Key Responsibilities

  • SIEM Application Management: Design, deploy, and configure SIEM applications (including Splunk Enterprise, Enterprise Security, Splunk SOAR/UBA, Microsoft Sentinel, Elastic, and Microsoft XDR).
  • Infrastructure Specification: Define infrastructure requirements (RAM, Disk, CPU, Network bandwidth) for SIEM applications.
  • System Integration: Integrate SIEM applications with Identity Management, Vulnerability Management (e.g., Nessus), Asset/Configuration Management, Cyber Threat Intelligence, and Case Management solutions.
  • Log Onboarding: Design, implement, and manage log collection and onboarding activities to the SIEM.
  • Detection & Automation: Identify initial sets of use cases and playbooks for detection and automation content, overseeing development, testing, and release.
  • Deployment Environments: Support the deployment of SIEM applications to cloud hosting, containers, and on-premises hosted VMs.
  • Release & Change Management: Oversee implementation activities to ensure entry criteria are met, planned activities are completed, and rollback plans are initiated if required. Review and approve documentation (design, deployment, configuration, and admin guides).
  • Technical SME Support: Act as a cyber technical specialist providing deep knowledge of monitoring technologies, threat tools, tactics, techniques, and procedures (TTPs). Provide generalist SME support for tools like Jira and Cribl.
  • Testing: Develop test procedures to ensure solutions meet both functional and non-functional requirements.


Core Duties & Qualifications

  • SIEM/SOAR Expertise: Proven knowledge and hands-on experience in the design, build, deployment, and operation of SIEM/SOAR tools (Splunk and Microsoft Sentinel at a minimum), alongside traffic analysis and threat intelligence tooling.
  • Performance Tuning: Experience deploying and configuring SIEM applications in a performant manner across cloud and on-premises environments to support high data rates.
  • Data Onboarding: Proven delivery and experience leading onboarding activities onto a SIEM.
  • Cloud Security: Strong knowledge of how Azure and AWS security functions operate as both controls and detection tools to protect large cloud estates. Ability to produce threat-led use cases, content, and playbooks on Sentinel and Splunk.
  • Enterprise ICT & Architecture: Deep knowledge of enterprise ICT and a strong understanding of security architecture, with a particular focus on networking.
  • Threat Intelligence: Detailed understanding of threat intelligence, threat actors, and TTPs, with the ability to operationalise threat intelligence.
  • Network Protocol Knowledge: Solid understanding of TCP/IP component layers to successfully identify normal and abnormal network traffic.


Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent