SIEM Engineer

Skye Business Solutions

Maidenhead

Hybrid

GBP 60,000 - 80,000

Full time

12 days ago

Job summary

Join a forward-thinking cybersecurity team as a Sentinel Engineer, where your expertise will play a vital role in enhancing security measures. This exciting opportunity offers the chance to work fully remote or in a hybrid setting, depending on your location. You'll be responsible for integrating log sources into Sentinel, troubleshooting data connectors, and ensuring optimal log ingestion for threat detection. Collaborate with a dynamic team and leverage cutting-edge technologies while enjoying a competitive salary and a supportive work environment focused on personal development and flexibility.

Benefits

Medical Insurance
Pension Plan
Personal Development Plan
Mentorship Program

Qualifications

  • 5+ years in cybersecurity with 3+ years in Sentinel design.
  • Strong understanding of threat landscape and attack vectors.

Responsibilities

  • Integrate log sources into Sentinel and optimize log ingestion.
  • Collaborate with clients to refine detection strategies.

Skills

Cybersecurity
Sentinel Design and Implementation
Data Analysis
Scripting (PowerShell, Python)
Problem-Solving
Communication Skills

Tools

Sentinel
Linux
Firewalls
Intrusion Detection Systems
VPN
Endpoint Protection

Job description

Short Description

Our client is looking for a skilled and experienced Sentinel Engineer to join their cybersecurity team.

Bullet Points

  • Fully remote if the candidate lives more than 80 miles from Maidenhead
  • £60-80K per annum + benefits
  • Minimum of 5 years of experience in cybersecurity

£60-80K per annum + incentive scheme, medical insurance, pension and a PDP (personal development plan), working with a mentor to keep your cyber security certifications up to date.

This role is only fully remote if the candidate lives more than 80 miles from Maidenhead; otherwise it is a hybrid-working arrangement with Wednesdays compulsory in the office, plus travel to client meetings as and when the role requires.

Full Job Description

About the role:

The primary responsibility of this role is to integrate log sources into Sentinel, using standard data connectors, troubleshooting and enhancing data connectors, developing custom connectors where required and optimising log ingestion.

The key responsibilities are:

  • Responsible for end-to-end integration of logs into Sentinel.
  • Scope, plan and track log integration.
  • Research, test and advise clients on audit configuration settings for log sources, to ensure that the right logs flow into Sentinel for threat detection.
  • Deploy data connectors and troubleshoot data ingestion, including deployment of Function Apps, customisation and enhancement of Function App code where required, and development of custom log ingestion solutions.
  • Validation of log parsing, fixing and enhancing existing parsers, and development of new parsers.
  • Optimisation of collected logs to ensure the right events are collected and unnecessary events are filtered out to manage consumption and cost.
  • Documentation of solution design, and development of technical processes and procedures to enhance our knowledge base and aid standardization efforts.
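The parser and ingestion-optimisation work described in the last three bullets, as an added KQL example that is not part of this posting or of the client's code base. The sample rows, the device name fw01, the key=value log layout and the column names are constructed or assumed; the ASIM-style field names are borrowed for readability and this is not an official ASIM parser.

```kusto
// Added example (not from the job posting or the client). Sample rows are constructed; the
// device name fw01 and the key=value layout are assumptions standing in for a real firewall feed.
let FirewallSample = datatable(TimeGenerated:datetime, RawData:string)[
    datetime(2024-05-01 10:00:00), "devname=fw01 action=deny src=10.1.2.3 dst=203.0.113.7 dport=445 proto=tcp",
    datetime(2024-05-01 10:00:01), "devname=fw01 action=allow src=10.1.2.4 dst=10.1.3.9 dport=443 proto=tcp",
    datetime(2024-05-01 10:00:02), "devname=fw01 action=deny src=198.51.100.9 dst=10.1.2.3 dport=22 proto=tcp",
    datetime(2024-05-01 10:00:03), "devname=fw01 action=allow src=10.1.2.4 dst=198.51.100.20 dport=443 proto=tcp"
];
// Parser: turn the raw key=value payload into typed columns. In a workspace this is saved as a
// KQL function so analytics rules query the function rather than the raw table.
let FirewallParser = (T:(TimeGenerated:datetime, RawData:string)) {
    T
    | parse RawData with "devname=" DvcHostname:string
                         " action=" DvcAction:string
                         " src=" SrcIpAddr:string
                         " dst=" DstIpAddr:string
                         " dport=" DstPortNumber:int
                         " proto=" NetworkProtocol:string
    | extend EventResult = iff(DvcAction == "deny", "Failure", "Success")
    | project TimeGenerated, DvcHostname, DvcAction, EventResult, SrcIpAddr, DstIpAddr, DstPortNumber, NetworkProtocol
};
// Cost filter: allowed private-to-private sessions carry little detection value. The same
// predicate, written against `source`, is what a DCR transformKql would run at ingestion time
// so those rows are never stored or billed.
let KeepForDetection = (T:(*)) {
    T
    | where not(DvcAction == "allow" and ipv4_is_private(SrcIpAddr) and ipv4_is_private(DstIpAddr))
};
// Validation: no row should fail to parse, and the expected number should survive the filter
// (3 of the 4 constructed rows, 2 of them denies).
FirewallParser(FirewallSample)
| extend Parsed = isnotempty(SrcIpAddr)
| invoke KeepForDetection()
| summarize Rows = count(), Unparsed = countif(not(Parsed)), Denies = countif(EventResult == "Failure")
```

The validation step is the point: run it over a day of real data before and after a parser or filter change, and treat any non-zero Unparsed count as a regression, since an analytics rule built on the parsed columns silently sees nothing for rows that fail to parse.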

Secondary responsibilities:

  • Assist other Engineers in maintaining and enhancing our DevOps pipeline, to scale services across multiple clients, including code development and maintenance.
  • Sentinel health checks and periodic maintenance, e.g. data connector updates.
  • Rule fine-tuning, and integration of applicable changes from upstream rule repositories into our repo.
  • Collaborate with Analysts and client cybersecurity professionals to refine detection strategies, improve detection accuracy and reduce false positives.
  • Analyse security logs from various sources including cloud platform services, firewalls, intrusion detection systems, VPN, web application firewalls, web and email filtering, identity and access management systems, endpoint protection and EDR, and other security tools.

Qualifications and Experience:

  • Minimum of 5 years of experience in cybersecurity.
  • Minimum of 3 years of Sentinel design and implementation experience, including Linux deployment and administration.
  • Solid experience working with security logs across multiple domains – identity and access, network, system, data, application, cloud – and multiple product types, e.g. firewalls, intrusion detection systems, VPN, web application firewalls, web and email filtering, identity directories and SSO, endpoint protection and EDR, and other security tools.
  • Strong understanding of the threat landscape, common attack vectors, and threat actor tactics, techniques, procedures and tools.
  • Experience with frameworks like MITRE ATT&CK.
  • Proficiency in data analysis and scripting languages (e.g., PowerShell, Python).
  • Excellent problem-solving skills, attention to detail and quality delivery.
  • Strong communication and teamwork skills.
  • Ability to deliver in a fast-paced environment.

Why Join our Client?

Competitive salary. Hybrid working arrangement for flexibility. Opportunity to work with cutting-edge technologies and a dynamic team.