Lead SIEM Engineer
Lead SIEM Engineer Hybrid – Hemel Hempstead (1–2 days per week on-site) Security Clearance: Eligible & willing to obtain DV This role is for SIEM specialistsA great opportunity for a Lead SOC SIEM Engineer to take ownership of detection engineering within a large, rapidly scaling SOC that protects some of the UK’s most sensitive defence and national security environments.The SIEM Engineer will sit at the intersection of threat intelligence, telemetry, and detection logic, shaping how threats are identified, prioritised, and acted upon across multiple high-security clients. If you’re passionate about SIEM content quality, signal over noise, and building detections that actually work, this role gives you real authority to do thatThe focus of the Lead SIEM Engineer role will be:
- Owning the SIEM content lifecycle from concept and design through build, tuning, and continuous optimisation
- Engineering high-fidelity detections, dashboards, and reporting that SOC analysts trust
- Ensuring data ingestion, parsing, and enrichment deliver coverage, context, and visibility
- Turning threat intelligence, vulnerabilities, and attacker TTPs into actionable detection logic
- Reducing false positives while improving alert confidence and response speed
- Acting as the technical bridge between SOC analysts, architects, engineers, and delivery teams
- Helping define detection standards, engineering patterns, and best practice across the SOC
- Strong hands-on SIEM engineering experience with Splunk, Microsoft Sentinel, QRadar, or similar
- Deep understanding of detection engineering, use-case development, and monitoring strategy
- Confidence working with security frameworks and standards (NIST, ISO 27001/27002, CIS, PCI DSS)
- Scripting capability in Python, PowerShell, regex (automation mindset preferred)
- Comfortable supporting multiple customers and environments without losing engineering quality
- Willing and eligible to obtain DV clearance