SIEM Engineer

Role: SIEM Engineer
Rate: Up to £525/day outside IR35
Start Date: ASAP
Location: London / Hybrid
Clearance: Active SC clearance required (minimum)

We're seeking an experienced Security Engineer (SIEM) to support the delivery of a secure Google Distributed Cloud (GDC) platform protecting critical public sector services. The role will focus on building and enhancing security monitoring capabilities, supporting SOC operations, and improving threat detection across cloud and Kubernetes environments.

• Deploy and support Elastic SIEM across Kubernetes environments
• Integrate cloud, Kubernetes, application, and security logs into SIEM platforms
• Configure secure log forwarding to existing on prem SIEM solutions
• Create and tune detection rules, alerts, dashboards, and visualisations
• Implement detections as code using Git and CI/CD pipelines
• Work closely with SOC teams to improve threat visibility and incident response
• Produce runbooks, operational procedures, and onboarding documentation
• Support monitoring, troubleshooting, and continuous improvement activities

• Proven experience as a Security Engineer, Detection Engineer, or SIEM Engineer
• Strong hands on experience with Elastic Stack / Elastic SIEM
• Experience operating SIEM solutions in cloud or hybrid environments
• Strong understanding of Kubernetes logging and monitoring patterns
• Experience working with SOC teams and detection engineering practices
• Familiarity with secure log forwarding and restricted environments
• Strong documentation and communication skills
• Experience with GCP or Google Distributed Cloud (GDC)
• Experience with Elastic Cloud on Kubernetes (ECK)
• Experience implementing detections as code using Git and CI/CD
• Knowledge of MITRE ATT&CK or other threat frameworks
• Previous experience within UK Government, Defence, or highly regulated environments

• Active SC clearance is required as a minimum. Candidates must also be willing to undergo DV clearance.