SIEM Application Engineer

Experis
Birmingham, United Kingdom
9 days ago

Role details

Contract type
Temporary to permanent
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English

Job location

Birmingham, United Kingdom

Tech stack

Elasticsearch
Kusto Query Language
Security Information and Event Management
MITRE ATT&CK
Cybercrime
Kibana

Job description

  • Analyse alerts generated by Elastic Security and validate detection accuracy.
  • Tune and optimise existing Elastic SIEM detection rules to improve fidelity and reduce false positives.
  • Map detections to the MITRE ATT&CK framework and identify coverage gaps.
  • Produce clear detection reports, tuning documentation, and analysis summaries.
  • Collaborate with SOC analysts, incident responders, and security engineering teams.

Requirements

  • Hands-on experience with Elastic Security / Elastic SIEM, Kibana, and Elasticsearch queries (EQL/KQL).
  • Strong understanding of detection logic, alert tuning, and threat behaviours.
  • Familiarity with MITRE ATT&CK.
  • Strong written communication skills for reporting and documentation.

Nice to Have

  • Experience in SOC, detection engineering, or threat hunting.
  • Exposure to common log types (endpoint, network, cloud).
  • Security certifications (Elastic, Security+, CySA+, etc.).
