Senior SIEM & Incident Response Engineer

Help Build Europe's Hypersonic Capability At Hypersonica, we’re redefining what’s possible in European defence technology. We exist to deliver speed, resilience, and technological independence at a pace that sets a new standard. We are a small, elite team working on problems that matter, and solving them fast. By joining Hypersonica, you’re not stepping into a predefined role. You’re joining a talent‑dense environment where every individual shapes the direction of the company. Our philosophy is to hire a small number of exceptional people with broad, deep technical capability, strong judgement, and the ability to operate autonomously. We hire for talent, not rigid boxes. This role represents a business need, but the way it evolves will be shaped by the individual. If you’ve achieved what others said was impossible, or you bring a unique combination of skills that doesn’t fit a traditional mould, we want to hear from you. The work you do here directly contributes to Europe’s technological independence.

What you’ll do:

• Design, build, and operate a centralised Security Information and Event Management (SIEM) platform to aggregate and analyse security logs across infrastructure, networks, and applications.
• Own security log analysis, vulnerability management and incident investigation: establish baselines, create alerting rules for critical security events, and drive rapid incident investigation through log correlation.
• Perform security hardening on systems and applications: define hardening standards, implement configurations, and audit compliance.
• Investigate security incidents through log analysis and become the on‑call responder when something breaks or looks suspicious.
• Collaborate closely with Information Security Management to ensure compliance with security policies, regulations (Cyber Essentials, DEF STAN 05‑138, ISO 27001, Grundschutz++), and customer requirements.
• Build and maintain comprehensive documentation of SIEM architecture, hardening standards, incident response procedures, and security controls for auditors and the team.

Who you are:

• 3+ years hands‑on SIEM deployment & log analysis (preferably ELK Stack, Opensearch, Wazuh, Microsoft Defender); production incident investigation experience.
• Deep knowledge of Linux & Windows system hardening; hands‑on experience with CIS Benchmarks, STIGs, or similar frameworks.
• Strong scripting for security automation, log parsing, and alerting rule development.
• Ability to design security controls that balance operational friction with security posture.
• Security‑minded by default: you think in access control, threat detection, and auditability.
• High autonomy and good judgement. You can investigate incidents end‑to‑end and elevate appropriately.
• Practical operator, not a perfectionist. You prioritise getting secure systems in place and improving iteratively.

Security and Eligibility Requirement:

Due to the nature of the work with the UK MOD, applicants must be a British Citizen (or Dual UK national with British citizenship) and eligible for UK Security Clearance (SC) and, where required, Developed Vetting (DV).

What we offer:

• A mission‑driven environment with direct impact on Europe’s defence capability and sovereign security.
• Ownership and autonomy: you own SIEM deployment, hardening standards, and incident response.
• No micromanagement, just clear objectives and accountability for outcomes.
• Daily collaboration with top experts across engineering, operations, and defence leadership.
• A fast‑paced environment where good ideas are implemented quickly, and your security work directly improves company resilience.
• A culture that values clarity, integrity, and excellence, and supports people who take initiative and push boundaries responsibly.
• Competitive compensation and real share options aligned to responsibility and impact, not tenure or hierarchy.

Hypersonica is an equal‑opportunity employer and assesses candidates solely on merit, capability, and potential.