SIEM Engineer
Job description
engineers, incident responders, and platform teams.

About The Team
Cyber Defence is the focal point for all security monitoring, detection, and response activities across Swiss Re. We are responsible for protecting the company by delivering high quality, reliable, and actionable security telemetry and detections. You will be part of a highly skilled, international engineering team within the Cyber Defence Product & Engineering unit, working closely with detection engineering, threat intelligence, and platform teams to continuously evolve our security monitoring capabilities.

Responsibilities
- Design, build, and operate scalable and resilient log ingestion pipelines for security and operational telemetry.
- Engineer efficient ingestion patterns into Elastic, optimising performance, cost, reliability, and data quality.
- Develop and maintain integrations using Kafka, Azure Event Hub, and related streaming technologies.
- Implement log parsing, normalization, and enrichment to ensure high-fidelity, detection-ready data aligned with security use cases.
- Develop and maintain ingestion, transformation, and enrichment components using Python and Go, following modern software engineering best practices.
- Design, deploy, and operate log forwarders, including Elastic Agent, and manage agent policies and lifecycle using Elastic Fleet to ensure consistent, secure, and scalable telemetry collection across environments.
- Partner with detection engineers to ensure telemetry supports advanced detection logic, threat hunting, and incident response.
- Troubleshoot ingestion, latency, and data quality issues across distributed systems.
- Define and promote standards for logging, schemas, enrichment, and ingestion patterns across the organisation.
- Contribute to the continuous improvement of SIEM architecture, tooling, and operational processes.
- Act as a senior technical contributor, providing guidance, reviews, and mentoring to other engineers.

About You
You are a hands-on security engineer who enjoys building robust platforms and solving complex data engineering challenges in security environments. You combine strong technical depth with a collaborative mindset and a passion for operational excellence.

Requirements
We are looking for candidates who meet many of the following criteria:
- Several years of experience in SIEM, security engineering, or large-scale log management.
- Strong understanding of security logging, telemetry, and common detection and response use cases.
- Hands-on experience with Elastic (Elasticsearch, data streams, ingest pipelines, performance tuning).
- Practical experience with Kafka and/or Azure Event Hub in production environments.
- Solid software engineering skills with Python and Go, including testing, version control, and CI/CD.
- Design and operate log ingestion components running in containerised and Kubernetes environments, using infrastructure-as-code and automation tools (e.g. Terraform) to ensure repeatable, secure, and scalable deployments.
- Experience designing and operating high-throughput, distributed ingestion systems.
- Good understanding of cloud environments (Azure preferred) and modern infrastructure concepts.
- Ability to communicate complex technical topics clearly to both technical and non-technical stakeholders.
- Self-driven, structured, and comfortable working in a global, agile setup.

Nice to Have
- Experience with SIEM content development or close collaboration with detection engineering teams.
- Familiarity with security frameworks such as MITRE ATT&CK®.
- Experience integrating and using AI-powered tools to support log ingestion, enrichment, detection engineering, and incident response, improving signal quality and operational efficiency.
- Experience with log enrichment using asset, identity, or threat intelligence data.
- Exposure to SRE or platform engineering practices.
- Prior experience in regulated or large enterprise environments.

Benefits & conditions
What We Offer
- The opportunity to shape security monitoring at global scale in a leading re/insurance company.
- A flexible hybrid working model balancing office collaboration and remote work.
- A diverse, inclusive, and international work environment.
- Strong focus on learning, technical excellence, and career development.
- Competitive compensation and benefits aligned with Swiss Re standards.

Role
For Spain the base salary range for this position is EUR 60 000 - EUR 100 000 for a full-time role. The specific salary offered considers the requirements, scope, complexity, and responsibilities of the role, the applicant's own profile including education/qualifications, specialisation, skills and experience. If you do not meet all the requirements or exceed them significantly, the offered salary may be below or above the advertised range. In addition to your base salary, you may be eligible for a performance-based bonus.

Equal Opportunity and Diversity
Swiss Re embraces an inclusive culture, ensuring equal opportunities for all, regardless of age, gender, race