Security Engineer; SIEM
Listed on 2026-06-12
IT/Tech
Cybersecurity, Security Manager, Systems Engineer, Network Security
- Location: Greater London
- Duration: 12+ Months
- Start Date: ASAP
- Clearance: Active SC clearance and willing to go through DV

This role is delivered within secure environments. Candidates must have an active Security Clearance (SC) and be willing to undergo Developed Vetting (DV).
Join the Mission

We design and deliver secure-by-default digital platforms for high-assurance environments. We're currently building a new secure cloud platform based on Google Distributed Cloud (GDC) and are looking for a Security Engineer (SIEM) to lead the design and implementation of security monitoring and observability capabilities.

This role offers the opportunity to build a SIEM capability from the ground up, influence security architecture decisions, and directly support SOC operations protecting critical public sector services.

As a Security Engineer (SIEM), you'll be responsible for building and enhancing security monitoring and detection capabilities across complex environments. You will design and maintain SIEM use cases, onboard and normalise data sources, and continuously tune detections to improve threat visibility and response.

Working closely with incident response and platform teams, you'll turn security data into actionable insight: strengthening detection coverage, reducing noise, and advancing overall security maturity.

As a Security Engineer, you will be responsible for designing, building, and operating the Security Information and Event Management (SIEM) and security observability stack for a new GDC-based platform.
You will:
- Define how security logs, metrics, alerts, and telemetry are collected, processed, retained, and visualised.
- Establish a cloud-native SIEM tool and monitoring capability.
- Integrate cloud-native monitoring with existing on-premise SOC tooling.
- Enable SOC analysts by providing reliable, actionable security insights.
- Work closely with cloud engineers, security architects, SOC teams, and external vendors to ensure the solution meets security, operational, and compliance requirements.
- Work with security and solution architects to design the end-to-end SIEM architecture for a secure Google Distributed Cloud (GDC) environment.
- Define log, event, and telemetry standards across platform, infrastructure, Kubernetes, and application layers.
- Decide which data sources are monitored locally versus forwarded to an existing on-prem SIEM.
- Deploy Elastic SIEM using standard or shared Kubernetes clusters where appropriate.
- Configure secure log forwarding from GDC components to an on-prem SIEM over dedicated, encrypted network links.
- Integrate cloud audit logs, Kubernetes logs, workload logs, and security tooling into Elastic and on-prem platforms.
- Implement detections-as-code, version controlled and automated through CI/CD pipelines.
- Create and tune detection rules, alerts, and dashboards for SOC analysts.
- Align detections with threat intelligence and playbooks (e.g., Mandiant-aligned SOC workflows).
- Support monitoring of logs, metrics, and security signals to aid both security response and operational debugging.
- Enable Platform Admins and Application Operators to self-serve diagnostics while maintaining security boundaries.

Produce clear guidance for:
- Platform Administrators configuring SIEM integrations
- Application teams onboarding workloads and logs
- SOC analysts using dashboards, alerts, and queries

Contribute to runbooks, operational procedures, and incident response documentation.

Security & Compliance:
- Ensure logging and monitoring meet UK Government and high-assurance security requirements.
- Support audits, assurance activities, and continuous improvement of the monitoring posture.
- Strong experience as a Security Engineer, Detection Engineer, or SIEM Engineer.
- Hands-on experience designing or operating SIEM solutions in cloud or hybrid environments.
- Practical knowledge of Elastic SIEM / Elastic Stack, including:
  - Indexing and ingest pipelines
  - Detection rules and alerts
  - Dashboards and visualisations
- Experience working with Kubernetes environments…