SIEM Engineer

EY GDS Spain
Málaga, Spain
3 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
€ 70K

Job location

Málaga, Spain

Tech stack

Microsoft Windows
Azure
Bash
Cloud Computing Security
Computer Security
Linux
Intrusion Detection and Prevention
Python
Open Source Technology
Performance Tuning
PowerShell
Kusto Query Language
Security Information and Event Management
Scripting (Bash/Python/Go/Ruby)
Data Ingestion
Microsoft Power Automate
MITRE ATT&CK
Microsoft Sentinel
Splunk

Job description

EY is looking for a Senior SIEM Engineer to join their Cyber Security team in Málaga, Spain. In this hybrid role, you will work on Threat Detection & Response solutions focusing on Microsoft Sentinel and provide clients with insights into secure cloud-native security platforms.

  • Integrate data sources into Microsoft Sentinel and ensure data quality.
  • Design and implement analytics rules and SIEM use cases.
  • Continuously optimize detection, response, and automation capabilities.

Knowledge

  • Cloud security concepts
  • SIEM architectures
  • MITRE ATT&CK framework
  • Troubleshooting skills
  • Analytical thinking
  • Scripting (Python, PowerShell, Bash)
  • Communication

Tools

  • Microsoft Sentinel
  • Splunk
  • Azure Logic Apps
  • Elastic/ELK
  • Wazuh

Job description

SIEM Engineer - Senior - EY GDS Spain - Hybrid

As a Senior SIEM Engineer, you are part of the EY Cyber Security team, working in a Threat Detection & Response (TDR) environment with a strong focus on Microsoft Sentinel and XDR. You design, integrate, and operate SIEM use cases and automations and support clients in securely operating modern cloud-native security platforms. Knowledge of Splunk or open-source SIEM ecosystems (e.g., Elastic/ELK, Wazuh) is considered a strong advantage.

Your Key Responsibilities

  • Integrate data sources into Microsoft Sentinel (cloud, identity, endpoint, network, and on-prem) and ensure data quality and normalization.
  • Design, implement, and operate analytics rules, SIEM use cases, and hunting queries (KQL; SPL experience is a plus).
  • Develop and maintain playbooks and automations using Azure Logic Apps to enrich, orchestrate, and standardize response workflows.
  • Act as a technical subject matter expert for SIEM and Microsoft Sentinel/XDR solutions and provide hands-on guidance to stakeholders.

Optimize SOC Operations

  • Continuously optimize detection, response, and automation capabilities (tuning, false-positive reduction, performance, and maintainability).
  • Contribute to engineering best practices such as documentation, repeatable deployments, and (where applicable) detection/content as code.

Requirements

The ideal candidate has 2 to 4 years of SIEM engineering experience, strong cloud security knowledge, and adept scripting abilities. The position offers an opportunity to enhance SOC operations and streamline security processes.

  • 2-4+ years of experience in SIEM engineering, ideally with Microsoft Sentinel.
  • Hands-on experience with Azure, Windows/Linux, and scripting.
  • English at least B2 (written and spoken) is required.
  • Strong knowledge of cloud security concepts, SIEM architectures, and the MITRE ATT&CK framework.
  • Hands-on engineering mindset with solid troubleshooting, analytical thinking, and attention to detail.
  • Pragmatic communicator who can translate complex technical topics into actionable recommendations for different audiences.
  • Ownership and quality focus: audit-ready documentation, structured delivery, and continuous improvement.

To Qualify for the Role

  • 2-4+ years of experience in SIEM engineering (design, onboarding, use case development, tuning, and operations), ideally with Microsoft Sentinel.
  • Hands-on experience with Azure, Windows/Linux, and scripting (e.g., Python, PowerShell, Bash) as well as automation concepts.
  • Experience building or operating SOAR-style automations (e.g., Logic Apps / playbooks) in a security operations context.
  • English at least B2 (written and spoken) is required.

Ideally you'd also have

  • Splunk experience (SPL, data onboarding, correlations, dashboards) and/or open-source SIEM experience (e.g., Elastic/ELK, Wazuh).
  • Experience working in regulated environments and familiarity with operational processes (ITSM, incident workflow alignment).
  • Relevant certifications (e.g., SC-200, AZ-500, or comparable cloud/security certifications) are a plus.