SIEM Application Engineer

Morson Group
7 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
£ 143K

Job location

Tech stack

User Authentication
Cloud Computing
Computer Security
Information Systems
Elasticsearch
Performance Tuning
Query Optimization
Logstash
Ansible
Security Information and Event Management
Data Ingestion
Mitre Att&ck
Indexer
Containerization
Kubernetes
Information Technology
Kibana
Terraform

Job description

The SIEM Application Engineer is responsible for the design, deployment, management, and optimisation of Security Information and Event Management (SIEM) platforms to enhance threat detection, monitoring, and incident response capabilities across enterprise environments.

This role focuses on building and maintaining scalable SIEM solutions, primarily leveraging Elasticsearch-based technologies, to support security operations, regulatory compliance, and continuous improvement of organisational security posture.

SIEM platforms are a core component of modern security architecture, enabling effective monitoring, threat detection, and response across complex IT and network environments. This role plays a critical part in ensuring SIEM solutions are reliable, performant, and aligned with security standards and frameworks.

The SIEM Application Engineer works closely with security analysts, architects, and operations teams to support strategic security objectives, improve detection coverage, and respond to evolving cyber threats.

  • Design and implement SIEM solutions in collaboration with security analysts and architects.
  • Develop, optimise, and maintain detection rules, alerts, and dashboards to improve threat visibility.
  • Support the full SIEM lifecycle, including development, deployment, and ongoing optimisation.

Collaboration & Communication

  • Work effectively with cross-functional security and engineering teams.
  • Produce clear technical documentation and present solutions to both technical and non-technical stakeholders.

Query Optimisation & Performance Tuning

  • Develop efficient queries to extract and analyse security events.
  • Monitor SIEM platform health and performance, addressing scalability and efficiency issues.
  • Optimise data ingestion pipelines and indexing strategies.

Security Engineering & Operations Support

  • Contribute to security engineering initiatives, platform transitions, and transformation projects.
  • Integrate SIEM with security operations and incident response tooling.
  • Stay current with emerging threats, attack techniques, and security best practices.

Requirements

  • Strong experience configuring and operating SIEM platforms (Elasticsearch-based solutions preferred).
  • Ability to create, test, and optimise detection rules aligned to the MITRE ATT&CK framework.
  • Experience improving detection fidelity while reducing false positives.
  • Hands-on experience with Elasticsearch query optimisation, indexing, and mappings.
  • Performance tuning of Elasticsearch and Logstash pipelines.
  • Experience using Kibana for dashboards, visualisations, and operational monitoring.

Security & Compliance

  • Implementation of access controls, authentication, and encryption within SIEM platforms.
  • Understanding of security policy, governance, and regulatory frameworks.
  • Experience supporting compliance with data protection and security standards.
  • Experience with the Elastic Stack (ELK) in enterprise environments.
  • Knowledge of offensive security frameworks and adversary techniques.
  • Experience with cloud platforms (public or private), containerisation, and orchestration (e.g. Kubernetes).
  • Familiarity with DevOps practices, Git, and CI/CD pipelines.
  • Infrastructure-as-Code experience (e.g. Terraform, Ansible).
  • Relevant cybersecurity certifications.
  • 3-5+ years' experience in cybersecurity engineering or delivery roles.
  • Ownership of outcomes and accountability for deliverables.
  • Customer-focused mindset with an emphasis on quality and reliability.
  • Ability to design solutions with long-term scalability and sustainability in mind.
  • Bachelor's or Master's degree in Computer Science, Engineering, Information Systems, or a related field (or equivalent experience).
  • 5+ years' experience delivering cybersecurity or security engineering solutions.
  • Broad experience across enterprise security controls such as SIEM, vulnerability management, access management, and monitoring platforms, ideally from both development and operational perspectives.
