SIEM Engineer
Indexed description
Location(s): UK (Guildford or Frimley)
Working Arrangements: Hybrid and flexible working options available
Key Responsibilities
- SIEM Application Management: Design, deploy, and configure SIEM applications (including Splunk Enterprise, Enterprise Security, Splunk SOAR/UBA, Microsoft Sentinel, Elastic, and Microsoft XDR).
- Infrastructure Specification: Define infrastructure requirements (RAM, Disk, CPU, Network bandwidth) for SIEM applications.
- System Integration: Integrate SIEM applications with Identity Management, Vulnerability Management (e.g., Nessus), Asset/Configuration Management, Cyber Threat Intelligence, and Case Management solutions.
- Log Onboarding: Design, implement, and manage log collection and onboarding activities to the SIEM.
- Detection & Automation: Identify initial sets of use cases and playbooks for detection and automation content, overseeing development, testing, and release.
- Deployment Environments: Support the deployment of SIEM applications to cloud hosting, containers, and on-premises hosted VMs.
- Release & Change Management: Oversee implementation activities to ensure entry criteria are met, planned activities are completed, and rollback plans are initiated if required. Review and approve documentation (design, deployment, configuration, and admin guides).
- Technical SME Support: Act as a cyber technical specialist providing deep knowledge of monitoring technologies, threat tools, tactics, techniques, and procedures (TTPs). Provide generalist SME support for tools like Jira and Cribl.
- Testing: Develop test procedures to ensure solutions meet both functional and non-functional requirements.
Core Duties & Qualifications
- SIEM/SOAR Expertise: Proven knowledge and hands-on experience in the design, build, deployment, and operation of SIEM/SOAR tools (Splunk and Microsoft Sentinel at a minimum), alongside traffic analysis and threat intelligence tooling.
- Performance Tuning: Experience deploying and configuring SIEM applications in a performant manner across cloud and on-premises environments to support high data rates.
- Data Onboarding: Proven delivery and experience leading onboarding activities onto a SIEM.
- Cloud Security: Strong knowledge of how Azure and AWS security functions operate as both controls and detection tools to protect large cloud estates. Ability to produce threat-led use cases, content, and playbooks on Sentinel and Splunk.
- Enterprise ICT & Architecture: Deep knowledge of enterprise ICT and a strong understanding of security architecture, with a particular focus on networking.
- Threat Intelligence: Detailed understanding of threat intelligence, threat actors, and TTPs, with the ability to operationalise threat intelligence.
- Network Protocol Knowledge: Solid understanding of TCP/IP component layers to successfully identify normal and abnormal network traffic.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search