Tech Stack
Azure, Elasticsearch, Firewalls, Linux, Logstash, Python
About the role
- Build, manage and optimise Logstash pipelines and ensure reliable ingestion of structured and unstructured logs into Elasticsearch.
- Create advanced Kibana visualisations, dashboards, queries, alerts and tune dashboards for SOC use and anomaly detection.
- Configure and manage rsyslog and centralised logging for network appliances, firewalls, and infrastructure to ensure visibility and completeness.
- Administer and troubleshoot Linux systems; deploy and maintain agents, perform log parsing and scripting support (Bash, Python).
- Develop, tune and maintain detection rules (ESQL, EQL, Lucene) aligned to MITRE ATT&CK and contribute to the detection roadmap.
- Produce investigation guides and support SOC analysts with triage, escalation, and case documentation.
- Contribute to SOC maturity by developing processes, policies, alert tuning procedures, and SIEM configuration governance.
- Support incident response lifecycle with alert review, evidence handling, forensic support and escalation to meet client SOPs.
- Prepare formal documentation following Defence Writing principles and reference JSPs where applicable.
- Engage and communicate with clients, report findings, and represent security operations during project reviews.
Requirements
- Elastic Stack expertise including Kibana for advanced visualisations, dashboards, queries, alerts and anomaly detection; hold Elastic Certified Analyst certification and full working knowledge of its competencies including dashboard tuning and timeline analysis.
- Build, manage and optimise complex Logstash pipelines using plugins to handle diverse log formats, transform data, and enrich security telemetry; ensure reliable ingestion into Elasticsearch.
- Configure and manage rsyslog and centralised logging for network appliances, firewalls, and infrastructure components.
- Administer and troubleshoot Linux-based systems; command-line fluency and scripting ability (Bash, Python) to support SIEM operations, log parsing, and agent deployment.
- Develop and tune custom detection rules using ESQL, EQL, and Lucene syntax; use MITRE ATT&CK-aligned techniques; create and maintain investigation guides for SOC analysts.
- Contribute to development of SOC processes and policies including detection logic lifecycle, alert tuning procedures, and SIEM configuration governance.
- Prepare formal documentation aligned with Defence Writing principles and demonstrate understanding of Joint Service Publications (JSPs).
- Support the incident response lifecycle through alert review, case triage, evidence handling, escalation, and forensic data support; document cases per SOPs and client expectations.
- Communicate technical information clearly to internal stakeholders and external clients; collaborate with multidisciplinary teams and represent security operations in client interactions.
- Desirable: prior Defence/Government/CNI experience; familiarity with MITRE ATT&CK, NIST CSF, ISO 27001; experience with SOAR/SIEM enrichment tools (TheHive, MISP, Cortex); knowledge of Elastic Agent, Fluentd; exposure to vulnerability management and OpenCTI.
- Qualifications: expert knowledge of Azure & Sentinel; proven experience as a Cyber Analyst focused on Security Operations; strong expertise in Elasticsearch, Logstash, Kibana; relevant certifications such as CISSP, CEH, Elastic Certified Engineer (ECE) are a plus.
- Security clearance: role requires active SC and/or DV or eligibility for DV if not already held.