SIEM Engineer in London

We are looking for a Managing Security Engineer to lead the design, implementation and documentation of enterprise security monitoring platforms. This is a key technical leadership role, responsible for ensuring the right tooling, controls and processes are in place to help protect and monitor our clients’ environments. This opportunity is ideally suited to someone with strong hands‑on experience deploying and managing Splunk at enterprise scale. In return, the role offers the chance to broaden your capability and gain deeper experience in Elastic Security, with support to build your expertise further.

You will work closely with cross‑functional teams to assess risk, design effective security controls and define testing requirements. You will champion security by design, promote engineering excellence and act as a trusted advisor to clients, helping them understand their security challenges and implement practical, effective solutions to strengthen their security posture. This is an excellent opportunity to deepen your hands‑on cybersecurity expertise while making a meaningful impact across both client and organisational security. This role is permanent and requires full‑time, on‑site working in Hemel Hempstead. The successful candidate may also participate in an out‑of‑hours call‑out rota.

What you will be doing:

• Lead the deployment, management and optimisation of Splunk Enterprise and Splunk ES platforms in large, complex environments.
• Support and develop capability in Elastic Stack / Elastic Security, with training and upskilling provided as needed.
• Design, implement and maintain data pipelines, including log ingestion, enrichment and schema standardisation.
• Develop and tune security detection content, translating threat intelligence and TTPs aligned to MITRE ATT&CK into actionable, high‑value alerts.
• Manage the full detection content lifecycle: design, test, deploy, monitor, tune and retire, using version control and rollback processes.
• Automate workflows and platform configurations using CI/CD, SOAR, scripting and Infrastructure as Code tools such as Terraform and Ansible.
• Ensure platform performance, stability and resilience through capacity planning, high availability, disaster recovery and proactive monitoring.
• Provide technical leadership and guidance to internal teams and clients on security monitoring strategy and best practice.

What you will bring:

• Proven experience deploying and managing Splunk at enterprise scale.
• Strong hands‑on knowledge of SIEM engineering, including indexing, parsing, onboarding and performance tuning.
• Experience designing and optimising detection content, including MITRE ATT&CK‑aligned use cases and alert tuning to reduce noise.
• Good understanding of data pipeline engineering, log enrichment, data quality and large‑scale ingestion architectures.
• Strong knowledge of SPL; experience with KQL and EQL would be beneficial, but is not essential.
• Experience with automation and Infrastructure‑as‑Code within security monitoring or SIEM environments.
• Solid understanding of SIEM platform operations, including clustering, scaling, high availability, disaster recovery and performance optimisation.
• Strong problem‑solving skills and a proactive approach to improving security operations.
• An interest in developing expertise in Elastic Security, with support and training available as part of the role.

Employment Type: Full Time, Permanent

Location: Hemel Hempstead

Security Clearance Level: DV Cleared

Salary: from £DOE

Benefits: £5400 Car Allowance, 25 days annual leave with the option to buy additional days, private health care, life assurance, pension, and generous flexible benefits fund.

We embrace difference as a source of creativity, innovation and competitive advantage and are striving to become a more diverse organisation. We welcome applications from people with a diverse variety of backgrounds and identities. We are committed to equality of opportunity for all and do not discriminate on the basis of race, religion, colour, gender, age, disability, sexual orientation or marital status. We have partnered with Vercida, the UK's largest diversity and inclusion focused careers site, where all our vacancies are available in an accessible format. We participate in the Disability Confident scheme and are committed to offering an interview to any candidate with a disability, who meets the minimum criteria for the role. If you believe this could apply to you, please let us know when completing your application.