Elastic SIEM Specialist

The Talent Locker
Farnborough, United Kingdom
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Compensation
£ 131K

Job location

Farnborough, United Kingdom

Tech stack

Computer Security
Query Languages
Elasticsearch
Log Analysis
Kusto Query Language
Security Information and Event Management
Data Streaming
Kibana

Job description

  • Support NESTOR operations by building, tuning, and operating threat detection, log ingestion, and operational dashboards within Elastic
  • Focus on improving detection quality and investigating alerts
  • Collaborate closely with operational teams to deliver effective SIEM capabilities in constrained, mission-driven environments
  • Ensure successful SIEM operations through effective management of log ingestion and data flow
  • Design and maintain Kibana dashboards for enhanced operational visibility
  • Triage SIEM alerts, investigate incidents, and determine root causes in a timely manner
  • Write detection logic to refine threat identification processes

Technologies:

  • ElasticSearch
  • Flow
  • Support
  • Kibana
  • Security

We are a Defence consultancy located in Farnborough, seeking an experienced Elastic SIEM Subject Matter Expert for a contract position. Our project focuses on significant security operations within MOD/Defence environments. This role requires onsite work, and successful candidates must be security cleared at DV Level prior to appointment. We offer a collaborative team environment, focusing on developing high-quality threat detection capabilities and operational dashboards.

Requirements

  • Strong hands-on experience with Elasticsearch, Kibana, and Elastic SIEM in operational environments
  • Proven experience developing, tuning, and optimising SIEM detection rules to identify threats and reduce false positives
  • Experience managing log ingestion pipelines and ensuring reliable data flow into Elasticsearch
  • Proficiency in log parsing, normalisation, and enrichment to support high-quality detections
  • Hands-on experience designing and maintaining Kibana dashboards for operational visibility
  • Ability to triage SIEM alerts, investigate incidents, and determine root causes
  • Familiarity with security operations workflows and incident response processes
  • Experience writing detection logic using EQL, KQL, or similar query languages
