SIEM Engineer

We are looking for a Managing Security Engineer, you will lead the design, implementation and documentation of security monitoring platforms. You will ensure the right tooling is in place to protect and monitor our clients, working closely with cross-functional teams to assess risk, design security controls and define testing requirements.

You will be a key technical leader, championing security by design and fostering a strong culture of security and engineering excellence across Sopra Steria. Acting as a trusted advisor, you will help clients understand their security challenges and lead the planning and implementation of effective controls to strengthen their security posture.

This role offers an excellent opportunity to deepen your hands-on cybersecurity expertise while making a meaningful impact on both client and organisational security.

This role is permanent and requires full time, on-site working in Hemel Hempstead. This role will also potentially be partaking in an out of hours call-out rota.

What you will be doing:

• Deploy, manage and optimise Elastic Stack (Elastic Security) and Splunk (Enterprise & ES) platforms at scale.
• Design, implement and maintain data pipelines, including log ingestion, enrichment and schema standardisation (ECS/CIM).
• Develop and tune security detection rules, translating threat intel and TTPs (MITRE ATT&CK) into actionable, low-noise alerts.
• Manage the full content lifecycle: design * test * deploy * monitor * tune * retire, with version control and rollback.
• Automate workflows and configurations using CI/CD, SOAR, scripting and IaC tools (Terraform, Ansible).
• Ensure platform performance, stability and reliability, including capacity planning, high availability, disaster recovery and proactive monitoring.

• Hands-on experience with Elastic Security and Splunk ES, including detection engineering, indexing, parsing and performance tuning.
• Strong expertise in data pipeline engineering, log enrichment, data quality and large-scale ingestion architectures (ECS/CIM).
• Proven ability to design, test and optimise detection content, including MITRE ATT&CK-aligned rules and risk-based alerting (RBA).
• Advanced knowledge of SPL, KQL and EQL, focused on detection quality and noise reduction.
• Experience with automation and Infrastructure-as-Code in SIEM environments.
• Deep understanding of SIEM platform operations, including clustering, high availability, disaster recovery, scaling and performance optimisation.
• Strong problem-solving skills with a proactive approach to improving security operations.

If you are interested in this role but not sure if your skills and experience are exactly what we're looking for, please do apply, we'd love to hear from you!

Although this role is advertised as full-time, we support different ways of working and can offer a range of flexible working arrangements. So, if you're interested and need to work flexibly, we encourage you to apply and talk to us about what might be possible.

Sopra Steria's Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client's goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK's most complex safety- and security-critical markets.