SIEM Application Engineer

Job Description – SIEM Application Engineer

Job Overview

Job Title: SIEM Application Engineer

Team: Security Engineering

Location: Flexible / Hybrid

Hours: Full Time - Contract, 3 Month Duration

Role Summary

The SIEM Application Engineer is responsible for the design, deployment, management, and optimisation of Security Information and Event Management (SIEM) platforms to enhance threat detection, monitoring, and incident response capabilities across enterprise environments. This role focuses on building and maintaining scalable SIEM solutions, primarily leveraging Elasticsearch-based technologies, to support security operations, regulatory compliance, and continuous improvement of organisational security posture.

Why This Role Matters

SIEM platforms are a core component of modern security architecture, enabling effective monitoring, threat detection, and response across complex IT and network environments. This role plays a critical part in ensuring SIEM solutions are reliable, performant, and aligned with security standards and frameworks. The SIEM Application Engineer works closely with security analysts, architects, and operations teams to support strategic security objectives, improve detection coverage, and respond to evolving cyber threats.

Key Responsibilities

SIEM Solution Development

Design and implement SIEM solutions in collaboration with security analysts and architects.

Develop, optimise, and maintain detection rules, alerts, and dashboards to improve threat visibility.

Support the full SIEM lifecycle, including development, deployment, and ongoing optimisation.

Collaboration & Communication

Work effectively with cross-functional security and engineering teams.

Produce clear technical documentation and present solutions to both technical and non-technical stakeholders.

Query Optimisation & Performance Tuning

Develop efficient queries to extract and analyse security events.

Monitor SIEM platform health and performance, addressing scalability and efficiency issues.

Optimise data ingestion pipelines and indexing strategies.

Security Engineering & Operations Support

Contribute to security engineering initiatives, platform transitions, and transformation projects.

Integrate SIEM with security operations and incident response tooling.

Stay current with emerging threats, attack techniques, and security best practices.

Essential Skills & Experience

SIEM & Detection Engineering

Strong experience configuring and operating SIEM platforms (Elasticsearch-based solutions preferred).

Ability to create, test, and optimise detection rules aligned to the MITRE ATT&CK framework.

Experience improving detection fidelity while reducing false positives.

Elasticsearch & Platform Engineering

Hands-on experience with Elasticsearch query optimisation, indexing, and mappings.

Performance tuning of Elasticsearch and Logstash pipelines.

Experience using Kibana for dashboards, visualisations, and operational monitoring.

Security & Compliance

Implementation of access controls, authentication, and encryption within SIEM platforms.

Understanding of security policy, governance, and regulatory frameworks.

Experience supporting compliance with data protection and security standards.

Desirable Skills & Experience

Experience with the Elastic Stack (ELK) in enterprise environments.

Knowledge of offensive security frameworks and adversary techniques.

Experience with cloud platforms (public or private), containerisation, and orchestration (e.g. Kubernetes).

Familiarity with DevOps practices, Git, and CI/CD pipelines.

Infrastructure-as-Code experience (e.g. Terraform, Ansible).

Relevant cybersecurity certifications.

3–5+ years' experience in cybersecurity engineering or delivery roles.

Leadership & Professional Attributes

Ownership of outcomes and accountability for deliverables.

Customer-focused mindset with an emphasis on quality and reliability.

Ability to design solutions with long-term scalability and sustainability in mind.

Qualifications & Background

Bachelor's or Master's degree in Computer Science, Engineering, Information Systems, or a related field (or equivalent experience).

5+ years' experience delivering cybersecurity or security engineering solutions.

Broad experience across enterprise security controls such as SIEM, vulnerability management, access management, and monitoring platforms, ideally from both development and operational perspectives.

Location: United Kingdom

Job Type: Full Time

Category: IT