Cyber Security Engineer SoC/SIEM (Contract)
Methods
- Ledbury, England, United Kingdom
- Ledbury, England, United Kingdom
Über
Responsibilities & Requirements
Elastic Stack Expertise: Demonstrable expertise across the Elastic Stack, particularly in the use of Kibana for creating advanced visualisations, dashboards, queries, and alerts. Hold a valid
Elastic Certified Analyst
certification and full working knowledge of its competencies, including anomaly detection, dashboard tuning, and timeline analysis.
Data Ingestion & Log Pipeline Engineering: Build, manage and optimise complex Logstash pipelines, utilising a wide range of plugins to handle diverse log formats, transform data, and enrich security telemetry. Ensure reliable ingestion of logs from both structured and unstructured sources into Elasticsearch.
Syslog Configuration: Configure and manage rsyslog and centralised logging for network appliances, firewalls, and infrastructure components to ensure visibility and completeness of data collection.
Linux Proficiency: Administer and troubleshoot Linux‑based systems with command‑line fluency and scripting ability (e.g., Bash, Python) to support SIEM operations, log parsing and agent deployment.
Detection Engineering & Threat Rules: Develop and tune custom detection rules using ESQL, EQL and Lucene syntax to identify malicious activity. Use MITRE ATT&CK‑aligned techniques and contribute to the design of the detection roadmap. Create and maintain bespoke investigation guides to assist SOC analysts in triage and escalation.
SOC Maturity & Policy Development: Contribute to the development of SOC processes and policies, including detection logic lifecycle, alert tuning procedures and SIEM configuration governance. Play a key role in maturing the operational use of SIEM tooling and automation within the SOC environment.
Defence Writing & JSP Familiarity: Prepare formal documentation in line with Defence Writing principles, with an understanding of Joint Service Publications (JSPs), particularly in areas related to cybersecurity governance, incident response and monitoring operations.
Incident & Case Management: Support the incident response lifecycle through alert review, case triage, evidence handling, escalation and forensic data support. Ensure cases are documented comprehensively and aligned with operational SOPs and client expectations.
Client Engagement & Communication: Communicate technical information clearly and confidently to both internal stakeholders and external clients. Collaborate with multidisciplinary teams, report findings effectively and represent security operations during client interactions and project reviews.
Desirable Skills and Experience
Prior experience in Defence, Government or Critical National Infrastructure environments.
Familiarity with security frameworks such as MITRE ATT&CK, NIST CSF or ISO 27001, including how to map TTPs to rule coverage.
Experience with SOAR or SIEM enrichment tools (e.g., TheHive, MISP, Cortex).
Knowledge of additional log forwarding/processing tools (e.g., Elastic Agent, Fluentd).
Exposure to vulnerability management and threat intelligence platforms such as OpenCTI.
Qualifications
Expert knowledge of Azure & Sentinel.
Proven experience as a Cyber Analyst with a focus on Security Operations.
Strong expertise in using Elastic Stack, including Elasticsearch, Logstash, and Kibana.
Familiarity with other SIEM tools and security technologies.
Knowledge of cybersecurity best practices, threat intelligence and incident response.
Excellent analytical and problem‑solving skills.
Relevant certifications such as CISSP, CEH or Elastic Certified Engineer are a plus.
This role will require you to hold active SC and/or DV. If DV isn’t held, you will need to be eligible for DV.
#J-18808-Ljbffr
Sprachkenntnisse
- English
Hinweis für Nutzer
Dieses Stellenangebot stammt von einer Partnerplattform von TieTalent. Klicken Sie auf „Jetzt Bewerben“, um Ihre Bewerbung direkt auf deren Website einzureichen.