SIEM Jobs in the UK

151 to 175 of 213 SIEM Jobs in the UK

Cyber Security Engineer

Bristol, Avon, England, United Kingdom
Hybrid/Remote Options
Searchability NS&D
Knowledge of IAM concepts including MFA, RBAC and conditional access. Familiarity with regulatory and compliance frameworks such as NIST, CIS Controls, ISO 27001 and Cyber Essentials Plus. Experience with SIEM, logging, monitoring and threat detection platforms. Understanding of data classification, encryption and secure storage. Ability to collaborate with engineers to enforce secure configurations and hardening standards. Experience with endpoint protection … consent for us to process and submit (subject to required skills) your application to our client in conjunction with this vacancy only. KEY SKILLS: Cyber Security Engineer, Microsoft Security, SIEM, IAM, Vulnerability Management, Network Security, Security Architecture, Incident Response, Hybrid Cloud, Threat Modelling, Compliance, NSD
Employment Type: Full-Time
Salary: £58,000 - £63,000 per annum

SOC/CSIRT Level 3 Analysts

United Kingdom
Morson Edge
Develop SOC policies, technical standards, and procedure documentation aligned to industry best practice. Log Management: Work with MSSPs and service owners to ensure log sources are onboarded into the SIEM solution. Create use cases to correlate suspicious activities across endpoints, networks, applications, and both on-premises and cloud environments. Incident Response: Improve playbooks and processes, lead escalated security incidents, oversee … platform by producing workflows to automate responses to common attack types and enhance operational playbooks. Digital Forensics: Use forensic tools and techniques to analyse data sources such as logs, SIEM data, applications, and network traffic patterns, and recommend appropriate response actions to ensure threats are contained and eradicated. Cyber Crisis Testing: Participate in cyber-attack simulations and scenario exercises to … a degree in Computer Science, Cybersecurity, IT, or a related subject. Ideally hold recognised security qualifications such as CISSP, AZ-500, GIAC/GCIA/GCIH, CASP+, CEH, or SIEM certifications. Strong knowledge of log correlation, analysis, forensics, and chain of custody requirements. Familiarity with regulatory frameworks (NCSC CAF, ISO/IEC 27001/27002, GDPR, CIS, NIST). Practical …
Employment Type: Contract
Rate: £600 - 800 per day

Cyber Security Operations Manager, Huntingdon

Huntingdon, Cambridgeshire, UK
Hybrid/Remote Options
incident response efforts, from initial detection through containment, remediation, and post-incident analysis. A key part of the role involves managing and fine-tuning security monitoring tools such as SIEM platforms to ensure optimal visibility and threat detection. The Security Operations Manager collaborates with IT, infrastructure, and platform teams to coordinate responses to vulnerabilities and ensure swift resolution of incidents. … Own and maintain the organisation's Cyber Incident Response Plan, coordinating major incident responses and ensuring lessons learned translate into stronger defences. Manage and optimise key technical controls, including SIEM, SOAR, PKI, and email security tools, to maintain robust detection and response capabilities. Collaborate with delivery partners and internal teams to improve service quality, mitigate risks, and enhance security posture. … colleagues, internal customers and external suppliers. Significant experience in Security Operations and Incident Response. Broad technical competence in IT and Cyber. Broad technical competence in OT. Solid understanding of SIEM/SOAR especially Sentinel. Why Apply? At Anglian Water, we play a vital role in safeguarding one of life's most essential resources - and protecting the systems that keep it …

Microsoft Sentinel Engineer

London
Hybrid/Remote Options
Constant Recruitment Ltd
combines engineering depth with real client interaction, ideal for someone who enjoys both hands-on work and architectural thinking. What You Will Be Doing: Design, configure, and deliver Sentinel SIEM solutions for enterprise clients. Develop and optimise automation rules, playbooks, and runbooks using Logic Apps and Power Automate. Write and fine-tune Kusto Query Language (KQL) queries to analyse and … and ISO 27001 alignment. Act as an escalation point within the SOC and mentor junior engineers. What We Are Looking For: 3+ years’ experience as a Microsoft Sentinel or SIEM Engineer. Strong technical background across Microsoft 365, Azure, networking, and cybersecurity. Hands-on experience with KQL, PowerShell, and ideally Python. Proven experience automating processes using Logic Apps, Playbooks, or Terraform.
Employment Type: Permanent
Salary: Up to £70k

Microsoft Sentinel Engineer

Glasgow, Lanarkshire, Scotland, United Kingdom
Hybrid/Remote Options
Constant Recruitment
combines engineering depth with real client interaction, ideal for someone who enjoys both hands-on work and architectural thinking. What You Will Be Doing: Design, configure, and deliver Sentinel SIEM solutions for enterprise clients. Develop and optimise automation rules, playbooks, and runbooks using Logic Apps and Power Automate. Write and fine-tune Kusto Query Language (KQL) queries to analyse and … and ISO 27001 alignment. Act as an escalation point within the SOC and mentor junior engineers. What We Are Looking For: 3+ years’ experience as a Microsoft Sentinel or SIEM Engineer. Strong technical background across Microsoft 365, Azure, networking, and cybersecurity. Hands-on experience with KQL, PowerShell, and ideally Python. Proven experience automating processes using Logic Apps, Playbooks, or Terraform.
Employment Type: Permanent, Work From Home
Salary: £70,000

Microsoft Sentinel Engineer

London, South East, England, United Kingdom
Hybrid/Remote Options
Constant Recruitment Ltd
combines engineering depth with real client interaction, ideal for someone who enjoys both hands-on work and architectural thinking. What You Will Be Doing: Design, configure, and deliver Sentinel SIEM solutions for enterprise clients. Develop and optimise automation rules, playbooks, and runbooks using Logic Apps and Power Automate. Write and fine-tune Kusto Query Language (KQL) queries to analyse and … and ISO 27001 alignment. Act as an escalation point within the SOC and mentor junior engineers. What We Are Looking For: 3+ years’ experience as a Microsoft Sentinel or SIEM Engineer. Strong technical background across Microsoft 365, Azure, networking, and cybersecurity. Hands-on experience with KQL, PowerShell, and ideally Python. Proven experience automating processes using Logic Apps, Playbooks, or Terraform.
Employment Type: Full-Time
Salary: £65,000 - £70,000 per annum

Principal Cyber Security Engineer - Leeds / Remote

Leeds, Yorkshire, United Kingdom
Hybrid/Remote Options
Catorfaen
In 2022 we built out an exciting SIEM/SOAR and Managed Detection and Response service called SEP2.security, built upon Google Cloud Security's Chronicle stack. Due to customer demand, we are now looking to hire a Principal Cyber Security Engineer to join this ever-growing team. The Security Intelligence Services team, that this role is situated in, provides security monitoring and use case … quickly with colleagues and customers. Competent and confident in customer facing situations. Qualifications and Experience: Experience as a Cyber SOC Analyst/or similar role. Proven experience in deploying SIEM (Security Information and Event Management) and SOAR (Security orchestration, automation, and response) solutions to achieve positive outcomes. Our tools include Google Chronicle SIEM/Siemplify SOAR and LogRhythm, but experience with other platforms such as Microsoft …
Employment Type: Permanent
Salary: GBP Annual

IT Security Manager

Derby, Derbyshire, England, United Kingdom
Breedon Group plc
such as CISSP, CISM, or CompTIA Security+ are essential. What Sets You Apart: Experience with cloud security (AWS, Azure). Hands-on experience with Security Information and Event Management (SIEM) systems. Ability to guide and advise in incident response situations. Inspires and guides people with clarity and confidence, making smart decisions that bring everyone together toward shared goals. Why Breedon …
Employment Type: Full-Time
Salary: Competitive salary

Cyber Threat Detection & Response Apprentice

Oswestry, Shropshire, England, United Kingdom
QA
include: Assisting in monitoring network traffic and security alerts to identify potential threats. Supporting investigations into security incidents, gathering evidence and documenting findings. Using Security Information and Event Management (SIEM) tools to detect and analyse suspicious activities. Collaborating with the cyber security team to respond to incidents and implement mitigation strategies. Helping maintain and update incident response documentation and procedures.
Employment Type: Full-Time
Salary: £20,000 per annum

Senior Security Engineer

Portsmouth, Hampshire, England, United Kingdom
Hybrid/Remote Options
Franklin Fitch
Security Engineer who enjoys building, optimising, and automating SOC infrastructure. This role sits within a growing Cyber Defence operation where you’ll help design and maintain the platforms behind SIEM, EDR, SOAR, and threat intelligence tooling, improving detection coverage and enabling analysts to respond faster. Key responsibilities: Engineer and maintain SIEM, EDR, SOAR, and logging platforms. Develop automation and integrations …
Employment Type: Full-Time
Salary: £65,000 - £80,000 per annum

IT Security Analyst

Derby, Derbyshire, England, United Kingdom
Breedon Group plc
Please note this role does require the postholder to be based from our office in Derbyshire circa 3 days per week. Reporting to the IT Security Manager, the postholder will monitor, analyse, and respond to security threats, ensuring the integrity …
Employment Type: Full-Time
Salary: Competitive salary

SOC Analyst

Corsham, Wiltshire, South West, United Kingdom
Deerfoot Recruitment Solutions
per week presence. The successful candidate will play a vital role in monitoring, analysing, and responding to security threats using tools such as Splunk, Flexera, and other industry-standard SIEM platforms. You'll investigate security incidents, coordinate with other IT and security teams, and support continuous improvement of threat detection and response processes. Key Requirements: Previous experience in a SOC … Analyst or similar cybersecurity role. Strong expertise in Splunk or similar SIEM tools. Familiarity with Flexera for vulnerability management. Understanding of firewalls, network protocols, intrusion detection/prevention systems. Relevant certifications (e.g., CISSP, CEH, Splunk) advantageous. Must be eligible for Developed Vetting (DV) clearance, requiring 10 years' continuous UK residency. Please Note: All offers will be subject to standard pre …
Employment Type: Permanent
Salary: £50,000

SOC Analyst (2nd Line)

Portsmouth, Hampshire, England, United Kingdom
Franklin Fitch
to cyber threats across diverse client environments, mentoring junior analysts, improving detection content, and helping drive SOC maturity. What you’ll do: Lead complex investigations and incident response. Develop SIEM/EDR use cases and correlation rules. Perform proactive threat hunting and support automation initiatives. Produce incident reports and guide remediation activities. Help coach and upskill junior analysts. You should … bring: 2–4 years’ experience in a SOC, CSIRT, or cyber defence environment. Solid knowledge of SIEM and EDR platforms (Sentinel, Splunk, Defender, CrowdStrike, etc.). Understanding of MITRE ATT&CK and network/cloud security principles. Strong analytical and communication skills. Bonus points for: Scripting or automation experience (KQL, PowerShell, Python). Background in threat hunting or vulnerability management.
Employment Type: Full-Time
Salary: £40,000 - £50,000 per annum

Sentinel SIEM Engineer

Reading, Berkshire, England, United Kingdom
ALOIS Solutions
Job Title: SIEM Engineer (Security Cleared) Location: United Kingdom (Must hold active Security Clearance) Job Type: Contract/Permanent Overview: We are seeking an experienced Security Information & Event Monitoring (SIEM) Engineer with active Security Clearance to join our cybersecurity team. The ideal candidate will be responsible for maintaining, developing, and optimizing the SIEM platform, ensuring effective log management, threat detection … and automation across complex IT and OT environments. Key Responsibilities: Manage, maintain, and enhance the SIEM platform ensuring optimal performance and scalability. Onboard and integrate new log sources, create custom parsers, and develop analytic rules. Design and maintain detection rulesets, scope, plan, and track log integrations. Develop automation for alert triage and incident remediation through SOAR tools. Collaborate with Threat … Detection & Response teams to ensure the SIEM platform aligns with security monitoring requirements. Participate in infrastructure projects and security tool integrations. Lead and mentor junior SIEM engineers, fostering a culture of continuous improvement. Key Skills & Experience: Active UK Security Clearance – Essential. Proven hands-on experience as a SIEM Engineer. Strong understanding of security log management across multiple domains …
Employment Type: Contractor
Rate: Salary negotiable

Operational Technology Information Security Analyst

Hatfield, Hertfordshire, South East, United Kingdom
Affinity Water Limited
to detail. Proven experience with OT and IT security technologies, including firewalls, intrusion detection systems (IDS), vulnerability detection, network discovery, log collection systems, and security information and event management (SIEM) solutions. UK Driving Licence. About Us: Affinity Water is the UK's largest water-only supplier, providing sustainable, high-quality water to 3.85 million customers across the Southeast of England. We are …
Employment Type: Permanent
Salary: £60,000

Tech lead - SOC responder

Central London, London, United Kingdom
Hybrid/Remote Options
Colt Technology Services
Scripting experience (Python, PowerShell, Unix shell). Demonstrated experience working in all phases of the SDLC. Deep understanding and experience using cyber security operations, security monitoring, endpoint (EDR), Network, and SIEM Tools. Prior SOC experience a plus. Extensive knowledge of network and server security protocols, technologies, and products. Industry recognized certifications (CISSP, GCIH, GCFA, OSCP, etc.) preferred. Strong oral and written … quickly and leverage prior experiences to effectively solve current security challenges. Refusing to accept the status quo. Qualifications: Combination of the following: Degree in Information Technology, Engineering or similar. SIEM management - Desirable to have some advanced Certification from SIEM vendor on products such as ArcSight, MS Sentinel or LogRhythm. Skills: Network Protocols, Cyber Security Tools/Products, Cyber Security Policy …
Employment Type: Permanent, Work From Home

Tech lead

United Kingdom, United Kingdom
Hybrid/Remote Options
Colt Technology Services
Scripting experience (Python, PowerShell, Unix shell). Demonstrated experience working in all phases of the SDLC. Deep understanding and experience using cyber security operations, security monitoring, endpoint (EDR), Network, and SIEM Tools. Prior SOC experience a plus. Extensive knowledge of network and server security protocols, technologies, and products. Industry recognized certifications (CISSP, GCIH, GCFA, OSCP, etc.) preferred. Strong oral and written … quickly and leverage prior experiences to effectively solve current security challenges. Refusing to accept the status quo. Qualifications: Combination of the following: Degree in Information Technology, Engineering or similar. SIEM management - Desirable to have some advanced Certification from SIEM vendor on products such as ArcSight, MS Sentinel or LogRhythm. Skills: Network Protocols, Cyber Security Tools/Products, Cyber Security Policy …

Cyber Threat Detection & Response Apprentice

HOLLIS HOUSE, MAESBURY ROAD, OSWESTRY, England
Specialist Network Operations
Role: Assisting in monitoring network traffic and security alerts to identify potential threats. Supporting investigations into security incidents, gathering evidence and documenting findings. Using Security Information and Event Management (SIEM) tools to detect and analyse suspicious activities. Collaborating with the cyber security team to respond to incidents and implement mitigation strategies. Helping maintain and update incident response documentation and procedures.
Employment Type: Higher Apprenticeship
Salary: £20,000 a year

Security (SIEM, Elastic) Architect - SC Cleared

Warwick, Warwickshire, West Midlands, United Kingdom
Hybrid/Remote Options
Sanderson Government and Defence
Security (SIEM) Architect Location: Warwick, Hybrid IR Status: TBC Rate: £600 - £800 Length: 6-12 months, TBC Clearance: Must have active SC clearance. An exciting opportunity has emerged with an organisation supplying complex architectural, technical and delivery solutions across the UK Secure Government and Public Sectors. They are looking to bring in a specialist security architect, with demonstrable experience of … having architected a SIEM capability utilising the Elasticsearch toolset. There has been an initial scoping; you will come in and provide a full-scale holistic solution and will have the support of the architectural team that provided the initial scope. Architecture & Design: Define and implement SIEM architecture using Elastic Stack (Elasticsearch, Logstash, Kibana, Beats). Design log ingestion pipelines, data … models, and correlation rules for security monitoring. Develop observability frameworks integrating logs, metrics, and traces. Implementation & Engineering: Deploy and configure Elasticsearch clusters, Kibana dashboards, and Logstash pipelines. Integrate SIEM with cloud-native observability tools (AWS CloudWatch, Azure Monitor, GCP Operations Suite). Automate log collection and enrichment using Beats, OpenTelemetry, and scripting. Security Use Cases & Threat Detection: Build and maintain …
Employment Type: Contract
Rate: £600 - £800 per day + Flexible

Senior Splunk Security Engineer

United Kingdom
DNV Germany Holding GmbH
part of this diversity. Qualifications: 5+ years of relevant experience and a proactive, hands-on approach to problem solving. 2+ years of practical experience working with Splunk Enterprise Security SIEM in a production environment. Experience with medium- to large-scale system integrations (2–5 years), particularly in designing and implementing data flows, data processing solutions, and high-throughput, high-availability … written and spoken, enabling smooth communication in an international environment. Beneficial for the role: Scripting and/or programming, especially in languages such as PowerShell and Python. Microsoft Sentinel SIEM & Microsoft Security stack. Any security certifications are appreciated. Windows server system administrator. Microsoft Active Directory Security. SIEM or log management technologies. Modern DevOps practices and ways of working. Building and …
Employment Type: Permanent
Salary: GBP Annual

Security Analyst

Corsham, Wiltshire, England, United Kingdom
83zero Ltd
our cybersecurity operations: monitoring threats, investigating incidents, and safeguarding critical systems. Key Responsibilities: Operate within a Security Operations Centre (SOC) or equivalent environment. Monitor and respond to incidents using SIEM platforms. Conduct system log analysis and threat detection. Assist in vulnerability assessments and management. Support incident resolution and reporting. Required Skills & Experience: At least 2 years' experience in a dedicated … Security Analyst role. Hands-on experience with: SOC operations, SIEM tools, Vulnerability management, Incident response and investigation, Log and event analysis. Preferred Qualifications: Industry certifications such as CompTIA Security+ or equivalent (desirable). Practical experience preferred over formal education. Security Clearance Requirements: UK Nationals only. Current SC clearance required. DV preferred - or must be DV-eligible (as DV clearance will be …
Employment Type: Full-Time
Salary: £37,000 - £41,000 per annum

Cyber Security Engineer

Edinburgh, Midlothian, United Kingdom
Hybrid/Remote Options
Aberdeen Group
the Cyber Security Engineering Manager, you will be responsible for designing, implementing and maintaining our next-generation detection and log management platforms. This role sits at the intersection of SIEM engineering, cloud security, and advanced log pipeline management, ensuring that our enterprise maintains world-class detection fidelity, threat visibility and compliance across diverse environments. You will help us deliver improvements across … Detection. Additionally, you will work closely with our Cyber Security Operation Centre, wider security functions, specialist 3rd party security suppliers and our global IT and business teams. Key Responsibilities: SIEM Engineering & Operations: Development of advanced detection rules, correlation searches, and playbooks to improve threat detection and response. Perform log source onboarding, parsing, and data normalisation on various data types. Experience … with design, development, configuration and maintenance of SIEM alerts to support our SOC Operations. Log Management & Data Engineering: Engineer and maintain log pipelines using Cribl to optimise ingestion, filtering, routing and replay. Ability to work confidently on intelligent log transformation, data enrichment and routing strategies. Architect scalable solutions for log archival, data rehydration and compliance-driven retention. Cloud Security: Leverage …
Employment Type: Permanent
Salary: GBP Annual

Cloud Security Engineer

City of London, London, United Kingdom
ARM
the fundamental Cloud Security Domains - Governance, Risk and Control (GRC), Identity and Access Management, Cloud Network and Compute Infrastructure Security, Data Protection (at-rest/in-transit), Workload Security, SIEM, Logging and Monitoring. Experience with Cloud Security Frameworks e.g. AWS Well-Architected, Google Cloud Security Foundations, and/or Open Architecture Frameworks e.g. TOGAF. AI Security Assurance for Cloud-based …/or architecture experience in the fundamental Cloud Security Domains - Identity and Access Management, Cloud Network and Compute Infrastructure Security, Data Protection (at-rest/in-transit), Workload Security, SIEM, Logging and Monitoring. In depth knowledge of various Cloud Models - IaaS, PaaS, SaaS, hybrid and multi-cloud models. Familiar with common industry cloud providers - AWS, GCP, Azure, OCI. Practical understanding …
Employment Type: Contract
Rate: £540 - £585/day Inside IR35

Security Information & Event Monitoring (SIEM) Engineer - SC-Must, Reading UK

Reading, Berkshire, England, United Kingdom
KBC Technologies UK LTD
Role: Security Information & Event Monitoring (SIEM) Engineer – **Security Cleared** Location: Reading/Havant – UK Mode: Hybrid (2 days office) Language: English Mandatory - **Clearance: Must be Security Cleared (Active SC)** Job Summary: Looking for an experienced SIEM Engineer to maintain and enhance the Security Monitoring platform. Responsible for log onboarding, custom parsers, rule creation, automation for triage and remediation, and integration … with other security tools. Key Responsibilities: Develop and manage the SIEM platform ensuring scalability and performance. Plan and implement solutions for security monitoring. Design and maintain detection rules. Lead and mentor SIEM team. Work closely with Threat Detection & Response team to support incident handling. Required Skills: Proven hands-on experience in SIEM engineering. Strong understanding of security logs across domains …
Employment Type: Contractor
Rate: Salary negotiable

Cyber Security Manager

Location to be confirmed at interview, United Kingdom
Hybrid/Remote Options
Digital Health and Care Wales
DHCW sites to support operational and team activities. Main duties of the job: Lead and manage cyber security operations, ensuring the effective use of Security Information and Event Management (SIEM) systems, access controls, and incident response tools. Oversee the monitoring, investigation, and resolution of security incidents and vulnerabilities. Support delivery of national cyber initiatives, policies, and reporting requirements. Provide expert … manage, coordinate and improve the security activities and resources for the IT systems and applications within a large complex organisation. Previous experience in managing Security Information and Event Management (SIEM) systems. Skills and Attributes: Essential: Technical Adaptability skills to learn and assess new methodologies or technologies quickly, understanding their wider implications and where appropriate implement them. Able to work flexibly …
Employment Type: Permanent
Salary: £48527.00 - £55532.00 a year

SIEM

10th Percentile: £42,850
25th Percentile: £51,000
Median: £65,000
75th Percentile: £82,500
90th Percentile: £92,500