Farnborough Lead SOC Content
Lead SOC SIEM Engineer
Hybrid: Farnborough (1–2 days per week onsite)
Security Clearance: Willing and eligible to obtain DV

We’re looking for a Lead SOC SIEM Engineer to join a large, fast-growing Security Operations Centre supporting some of the UK’s most high-profile defence and national security clients.

This is a hands-on, senior role where you’ll take ownership of SIEM content engineering: designing, building, tuning, and evolving detection capability across multiple secure environments. If you know SIEMs inside out and want your work to directly influence real-world cyber defence, this role gives you the platform to do exactly that.

What you’ll be doing:
- Leading the design, build, and tuning of SIEM content including detection rules, dashboards, and reporting
- Ensuring high-quality data ingestion, visibility, and coverage so genuine threats aren’t missed
- Collaborating closely with SOC Analysts, Security Architects, Engineers, and Programme teams
- Translating threat intelligence, vulnerabilities, and adversary techniques into effective detections
- Supporting incident response by improving alert fidelity and reducing noise
- Helping define and maintain SOC standards, detection strategy, and engineering best practice

What we’re looking for:
- Strong hands-on experience with SIEM platforms such as Splunk, Microsoft Sentinel, or QRadar
- Deep understanding of detection engineering and security monitoring best practices
- Knowledge of industry standards and frameworks (ISO 27001/27002, NIST, CIS, PCI DSS)
- Scripting capability in Python and PowerShell, plus strong regular-expression skills for parsing and matching log data
- Ability to operate across multiple customers and projects without losing technical depth
- Willingness and eligibility to obtain DV clearance