SIEM Engineer

Sopra Steria Limited
Hemel Hempstead, United Kingdom
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£65K

Job location

Hemel Hempstead, United Kingdom

Tech stack

Cluster Analysis
Computer Security
Continuous Integration
Noise Reduction
Disaster Recovery
Elasticsearch
Performance Tuning
Ansible
Kusto Query Language
Security Information and Event Management
Scripting (Bash/Python/Go/Ruby)
System Availability
MITRE ATT&CK
Indexer
Performance Monitor
Terraform
Splunk
Software Version Control
Data Pipelines
Security Orchestration, Automation & Response

Job description

We are looking for a Managing Security Engineer (SIEM). You will lead the design, implementation and documentation of security monitoring platforms, and will ensure the right tooling is in place to protect and monitor our clients, working closely with cross-functional teams to assess risk, design security controls and define testing requirements.

You will be a key technical leader, championing security by design and fostering a strong culture of security and engineering excellence across Sopra Steria. Acting as a trusted advisor, you will help clients understand their security challenges and lead the planning and implementation of effective controls to strengthen their security posture.

This role offers an excellent opportunity to deepen your hands-on cybersecurity expertise while making a meaningful impact on both client and organisational security.

This role is permanent and requires full-time, on-site working in Hemel Hempstead. It may also involve participation in an out-of-hours call-out rota.

What you will be doing:

Deploy, manage and optimise Elastic Stack (Elastic Security) and Splunk (Enterprise & ES) platforms at scale.

Design, implement and maintain data pipelines, including log ingestion, enrichment and schema standardisation (ECS/CIM).

Develop and tune security detection rules, translating threat intel and TTPs (MITRE ATT&CK) into actionable, low-noise alerts.

Manage the full content lifecycle: design → test → deploy → monitor → tune → retire, with version control and rollback.

Automate workflows and configurations using CI/CD, SOAR, scripting and IaC tools (Terraform, Ansible).

Ensure platform performance, stability and reliability, including capacity planning, high availability, disaster recovery and proactive monitoring.

Requirements

Hands-on experience with Elastic Security and Splunk ES, including detection engineering, indexing, parsing and performance tuning.

Strong expertise in data pipeline engineering, log enrichment, data quality and large-scale ingestion architectures (ECS/CIM).

Proven ability to design, test and optimise detection content, including MITRE ATT&CK-aligned rules and risk-based alerting (RBA).

Advanced knowledge of SPL, KQL and EQL, focused on detection quality and noise reduction.

Experience with automation and Infrastructure-as-Code in SIEM environments.

Deep understanding of SIEM platform operations, including clustering, high availability, disaster recovery, scaling and performance optimisation.

Strong problem-solving skills with a proactive approach to improving security operations.
