Lead SIEM Engineer

Fynity

England

Hybrid

GBP 80,000 - 100,000

Full time

Today

Job summary

A cybersecurity firm is seeking a Lead SIEM Engineer to shape advanced SIEM environments in the UK defence sector. This role involves leading the design and enhancement of SIEM content, coordinating with SOC analysts, and mentoring junior engineers. Candidates should possess strong SIEM engineering experience with platforms like Splunk, excellent scripting skills in Python and PowerShell, and a solid understanding of cybersecurity frameworks. Join a forward-thinking team where innovation and career growth are encouraged.

Qualifications

  • Strong hands-on experience leading SIEM engineering projects using platforms such as Splunk, Sentinel, or QRadar.
  • A deep understanding of cybersecurity frameworks and best practices (NIST, ISO, CIS, PCI DSS).
  • Scripting ability in Python, PowerShell, and Regex for tuning and automation.

Responsibilities

  • Leading the design, development, and tuning of SIEM content.
  • Acting as the technical authority on SIEM engineering.
  • Working with SOC Analysts to enhance SIEM use cases.
  • Bringing new ideas and threat intelligence to evolve the SIEM strategy.
  • Mentoring junior engineers.

Skills

SIEM engineering
Python scripting
PowerShell scripting
Regex
Cybersecurity frameworks

Tools

Splunk
Sentinel
QRadar

Job description

Lead SIEM Engineer

Hybrid – Farnborough or Hemel Hempstead base (1–2 days a week on site)
DV Clearance: must be eligible and willing to obtain

Are you ready to take the lead in shaping one of the most advanced SIEM environments in the UK defence sector?

We’re looking for a Lead SIEM Engineer to join a growing SOC team supporting high-profile, mission-critical clients. You’ll be the go-to expert for all things SIEM, driving how we detect, defend, and deliver across multiple secure projects.

If you love taking ownership, working with cutting-edge tools, and leading the way in proactive threat detection, this is the role for you.

As the Lead SIEM Engineer, you will be:

  • Leading the design, development and tuning of SIEM content – rules, dashboards, alerts and reports that spot threats fast.
  • Acting as the technical authority on SIEM engineering, ensuring the platform runs efficiently and delivers real value.
  • Working with SOC Analysts, Threat Hunters and Architects to enhance SIEM use cases and boost detection accuracy.
  • Bringing new ideas and threat intelligence to evolve the SIEM strategy and stay ahead of emerging risks.
  • Mentoring junior engineers, setting standards, and helping shape the future of SIEM operations.

Your SIEM and Content experience should involve:

  • Strong hands-on experience leading SIEM engineering projects using platforms such as Splunk, Sentinel or QRadar.
  • A deep understanding of cybersecurity frameworks and best practice (NIST, ISO, CIS, PCI DSS).
  • Scripting ability in Python, PowerShell and Regex for tuning and automation.
  • Excellent communication skills and the ability to collaborate across teams and projects.

This is more than a technical role; it’s a chance to lead and influence how some of the UK’s most secure organisations use SIEM to protect what matters most.
You’ll join a growing, forward-thinking SOC team where innovation is encouraged, career growth is real, and your work will make a tangible impact every single day.
