Lead SIEM Engineer

Lead SIEM Engineer

Glasgow
JR023245

Cyber Response Platforms is looking for an experienced (10+ years) cyber-security professional to join their team as a SIEM lead. Our ideal candidate has hands-on experience in computer network defence working either in a Security Operations Center or Cyber Incident Response Team.

You will lead a team of technologists and cyber-security professionals that are dedicated to improving the coverage, quality and automation of cyber-security detection and response.

Primary Responsibilities

• Supervise and govern the development of analytics in Splunk (SPL) or Elastic Search (EQL) to detect actionable security alerts
• Develop and fine-tune advanced detection rules, alerting mechanisms, and use cases to identify and respond to sophisticated security threats
• Create comprehensive security metrics, reports, dashboards, providing detailed insights into the organization's security posture
• Ensure that the SIEM solution complies with global regulatory standards and industry best practices
• Mentor and guide SIEM engineers, fostering a culture of continuous learning and development within the team
• Participate in the development of the organization's security strategy and contribute to its execution
• Monitor and support SIEM platforms to ensure security and stability of SOC infrastructure

• Provide day-to-day leadership and oversight for the SIEM engineering team, ensuring alignment with strategic goals and operational priorities
• Facilitate regular team standups, retrospectives, and planning sessions to promote transparency and accountability
• Coach team members on technical and professional growth, offering constructive feedback and career development support
• Champion a collaborative and inclusive team culture that encourages innovation, ownership, and continuous improvement
• Identify and address skill gaps through targeted training, mentoring, and knowledge-sharing initiatives
• Act as a point of escalation for technical challenges and team dynamics, resolving issues with empathy and decisiveness
• Collaborate with cross-functional teams to ensure seamless integration of SIEM capabilities into broader cyber response workflows Skills required (essential)
• Minimum of 10 years of experience in cyber detection engineering or incident response
• Strong understanding of network security, endpoint detection and computer forensics
• Experience in the creation and management of detection logic in SIEMs (e.g Elastic Search, Splunk, ArcSight, Microsoft Sentinel)
• Experience with SIEM rule tuning, correlation logic, alert de-duplication and false-positive reduction techniques
• Strong knowledge of exploitation techniques (e.g. MITRE ATT&CK) and use-case development
• Thorough TCP/IP and protocol experience (OSI L2-L7, DNS, HTTP, REST, SOAP)
• Highly experienced with Unix/Linux command-line tools and shell scripting
• Strong communication, task management and organizational skills

• Experience developing automations in SOAR (e.g. Palo Alto XSOAR, SumoLogic, Swimlane)
• Experience within the application of Indicators of Compromise (e.g. YARA rules, STIX and TAXII)
• Strong hands-on experience with a query language (e.g Splunk's SPL or Elastic's EQL, SQL)
• Experience with streaming data frameworks (e.g. Kafka, NiFi, Spark)
• Experience with CI/CD technology (e.g Jenkins, GitLab CI, GitHub Actions)
• Experience in the administration of systems (e.g. servers, desktops) or security controls (AV, Endpoint, IDS)
• Intermediate experience developing scripts in Python