SIEM Security Engineer- SC Cleared

Role: SIEM Security Engineer - Cyber Defence
Rate: Outside IR35
Location: Remote with occasional travel to Gloucester
Duration: 3-6 initially
SC clearance required

Position Summary:
We are seeking a Sentinel SIEM & Cloud Security Engineer to join our team and play a critical role in designing, managing, and optimizing Microsoft Sentinel and Defender for Cloud. This role will focus on SIEM architecture, cloud security posture management, security analytics, and automation to enhance security visibility and resilience. You will have the opportunity to work with cutting-edge security tools and continuously evolve your expertise in cloud security.

1. SIEM Architecture & Management: Design, deploy, configure, and maintain Microsoft Sentinel, ensuring optimal performance, scalability, and integration with security tools.
2. Cloud Security Design & Integration: Implement and optimize Microsoft Defender for Cloud to enhance cloud security posture, detect misconfigurations, and enforce compliance.
3. Log Management & Analysis: Oversee the ingestion, parsing, and normalization of security logs from Azure, AWS, M365, and hybrid environments to improve threat visibility.
4. Security Event Correlation & Automation: Develop advanced correlation rules, alerts, playbooks, and automation workflows using Sentinel, KQL, and SOAR integrations to enhance threat detection and response capabilities.
5. Cloud Threat Protection: Monitor, analyse, and strengthen security postures across cloud platforms, utilising Defender for Cloud and SIEM insights.
6. Compliance & Governance: Ensure alignment with industry best practices, regulatory frameworks, and internal security policies for cloud security.
7. Threat Intelligence & Enrichment: Integrate threat intelligence feeds with Sentinel and Defender for Cloud to enhance real-time threat analysis.
8. Collaboration & Advisory: Work closely with security analysts, cloud engineers, and IT teams to optimize security monitoring, threat detection, and risk mitigation strategies.
9. On-Call Support: Provide 24/7 on-call support on a rotational basis for security platform-related issues.
10. Emerging Technologies & Innovation: Stay ahead of cloud security advancements, evolving SIEM capabilities, and automation trends to continuously enhance security operations.

1. Strong experience designing, managing, and integrating Microsoft Sentinel and Microsoft Defender for Cloud.
2. Proficiency in SIEM architecture, security event correlation, log ingestion, and cloud security analytics.
3. Hands-on experience with security automation (SOAR), threat intelligence platforms, and log parsing techniques.
4. Strong understanding of MITRE ATT&CK framework, Zero Trust, and cloud security best practices.
5. Knowledge of Azure, AWS, M365, hybrid environments, and cloud security frameworks (CIS, NIST, ISO 27001, etc.).
6. Experience with scripting and automation (PowerShell, Python, KQL, or similar languages) to enhance security operations.
7. Excellent problem-solving, analytical, and communication skills with the ability to effectively influence others.
8. Ability to adapt quickly to emerging cloud security threats and technologies.
9. Security certifications such as AZ-500, MS-500, SC-200, Security Essentials, or equivalent are preferred.

Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment which can take up to a minimum 10 weeks.