
Lead SIEM Engineer

United Kingdom, Farnborough · 70000.00 - 75000.00 GBP / Year · Job Posted December 08, 2025

Job Description

Are you ready to take the lead in shaping one of the most advanced SIEM environments in the UK defence sector? We’re looking for a Lead SIEM Engineer to join a growing SOC team supporting high-profile, mission-critical clients. You’ll be the go-to expert for all things SIEM, driving how we detect, defend, and deliver across multiple secure projects. If you love taking ownership, working with cutting-edge tools, and leading the way in proactive threat detection, this is the role for you. This is more than a technical role: it’s a chance to lead and influence how some of the UK’s most secure organisations use SIEM to protect what matters most. You’ll join a growing, forward-thinking SOC team where innovation is encouraged, career growth is real, and your work will make a tangible impact every single day.

Job Responsibility

  • Leading the design, development and tuning of SIEM content – rules, dashboards, alerts and reports that spot threats fast
  • Acting as the technical authority on SIEM engineering, ensuring the platform runs efficiently and delivers real value
  • Working with SOC Analysts, Threat Hunters and Architects to enhance SIEM use cases and boost detection accuracy
  • Bringing new ideas and threat intelligence to evolve the SIEM strategy and stay ahead of emerging risks
  • Mentoring junior engineers, setting standards, and helping shape the future of SIEM operations

Requirements

  • Strong hands-on experience leading SIEM engineering projects using platforms such as Splunk, Sentinel or QRadar
  • A deep understanding of cybersecurity frameworks and best practice (NIST, ISO, CIS, PCI DSS)
  • Scripting ability in Python, PowerShell and Regex for tuning and automation
  • Excellent communication skills and the ability to collaborate across teams and projects
  • DV Clearance: must be eligible for, and willing to obtain, DV clearance


Similar Jobs for Lead SIEM Engineer (8 matching positions)

Lead SIEM Engineer

Lead SOC SIEM Engineer. Senior SOC SIEM Content Engineer to join and large expan...
Location: United Kingdom, Hemel Hempstead
Salary: 70000.00 - 75000.00 GBP / Year
Company: Fynity (thepeoplenetwork.co.uk)
Expiration Date: Until further notice
Requirements
  • Solid hands-on experience with SIEM tools like Splunk, Sentinel or QRadar
  • A good grip on security best practices and standards (ISO 27001/27002, PCI DSS)
  • Familiarity with frameworks such as NIST, ISO and CIS
  • Comfortable scripting in Python, PowerShell and regex
  • The ability to work across multiple projects and still keep the detail sharp
  • Willing and able to get DV clearance
Job Responsibility
  • Building, tuning and looking after SIEM content such as rules, dashboards, and reports, making sure threats don’t get missed
  • Keeping an eye on the data, spotting issues early and helping us respond quickly
  • Working side by side with Analysts, Architects, PMs and Engineers to make sure the SIEM content hits the mark
  • Bringing the latest threat intel, vulnerabilities and attack methods into our set-up
  • Helping to shape and maintain security standards and procedures
Employment type: Fulltime

Cybersecurity Engineer / Team Lead

The Senior Cybersecurity Engineer / Team Lead provides technical leadership and ...
Location: United States, Arlington
Salary: 103275.00 - 239062.00 USD / Year
Company: NTT DATA (nttdata.com)
Expiration Date: Until further notice
Requirements
  • Master's Degree; one-and-one-half (1.5) years of additional experience can substitute for one (1) year of a typical degree program
  • Minimum 10 years' experience performing the cybersecurity and team lead tasks/responsibilities listed above
  • Ability to obtain and maintain a public trust clearance
Job Responsibility
  • Lead full lifecycle NIST RMF activities, including categorization, control implementation, security assessment, POA&M management, and ATO sustainment
  • Ensure compliance with federal security standards such as FISMA, HIPAA, and agency-specific security policies
  • Coordinate with assessment and authorization stakeholders to maintain documentation, respond to findings, and support audits and system reviews
  • Oversee enterprise vulnerability scanning operations using tools such as Nessus and agency-approved scanners
  • Review scan results, validate findings, determine criticality, and coordinate remediation with system owners and operations teams
  • Develop and maintain processes for continuous monitoring, risk scoring, and reporting to leadership
  • Integrate threat intelligence platforms to identify emerging risks and drive proactive mitigation strategies
  • Support security audits, penetration tests, and secure configuration enforcement
  • Lead coordination with internal security teams, IT operations, legal/compliance, and government stakeholders to ensure proper handling, documentation, and reporting
  • Use enterprise security tools (e.g., SIEM platforms, endpoint protection, IDS/IPS) to monitor events and support investigations
What we offer
  • medical insurance
  • dental insurance
  • vision insurance
  • flexible spending or health savings account
  • life and AD&D insurance
  • short and long term disability coverage
  • paid time off
  • employee assistance
  • participation in a 401k program with company match
  • additional voluntary or legally-required benefits
Employment type: Fulltime

Lead Security Engineer

Location: United States, Fort Washington
Salary: Not provided
Company: NTT DATA (nttdata.com)
Expiration Date: Until further notice
Requirements
  • 7+ years of security engineering or security operations experience
  • Strong incident response and remediation background
  • Experience designing and maintaining enterprise security controls
  • Excellent troubleshooting and communication skills
Job Responsibility
  • Serve as the technical lead for security operations and incident response
  • Assist in investigation, containment, and remediation of severity incidents
  • Design, implement, and tune security controls across identity, endpoint, email, network, and SIEM platforms
  • Maintain and improve detection quality, response playbooks, and operational documentation
  • Participate in after-hours on-call rotation and provide escalation leadership

Lead Cyber Security Engineer

FinXL is seeking an experienced Lead Cyber Security Engineer to design automated...
Location: Australia, Canberra
Salary: Not provided
Company: FinXL (finxl.com.au)
Expiration Date: Until further notice
Requirements
  • Proven experience building integrations between SIEM platforms and enterprise systems
  • Knowledge of log ingestion from hybrid environments (Azure and AWS)
  • Experience designing, implementing, and testing security automation playbooks
  • Strong technical documentation skills and a collaborative, team-first mindset
  • Must be an Australian Citizen with a minimum of NV1 Clearance
Job Responsibility
  • Developing and maintaining playbooks and automated workflows
  • Identifying patterns in logs/events to develop proactive countermeasures
  • Leading incident response, remediation, and threat hunting activities
  • Contributing to security uplift initiatives and emerging tech assessments

Information Security Manager

We are looking for a Lab Security Manager who can rise to the complexity of prot...
Location: United States, Austin
Salary: 152000.00 - 228000.00 USD / Year
Company: AMD (amd.com)
Expiration Date: Until further notice
Requirements
  • Background in semiconductor, hardware engineering, or other R&D-intensive industries where pre-release IP protection is mission-critical
  • Experience evaluating and securing connectivity to ODC (Outsourced Design Center) or OSAT (Outsourced Semiconductor Assembly and Test) partners, or equivalent third-party manufacturing and engineering partners in the semiconductor supply chain
  • Experience securing AI/ML compute infrastructure, including familiarity with GPU cluster deployments, fabric interconnects, and associated operational environments
  • One or more relevant certifications: CISSP, CISM, GIAC or equivalent
  • Experience working in or alongside a Security Operations Center (SOC), including familiarity with SIEM platforms, UEBA tools, and alert triage workflows
  • Prior experience in a role that required coordination across physical security, IT security, and legal/compliance functions simultaneously
  • BS/MS preferred in related field
  • SANS, MCSE, RHCSS, CISSP, CISA, CISM certification(s)
Job Responsibility
  • Define and enforce security standards across global labs and compute facilities
  • Partner with facilities teams to embed security into lab design and operations
  • Maintain site-specific security plans for critical locations
  • Establish security controls for large-scale compute environments (e.g., GPU clusters, AI farms)
  • Enforce network segmentation, monitoring, and anomaly detection
  • Mitigate risks at the intersection of physical and logical access
  • Lead protection of sensitive IP, including pre-release hardware and software
  • Develop insider threat controls and collaborate with HR, Legal, and SOC
  • Manage protocols for handling sensitive assets, visitors, and contractors
  • Ensure compliance with EAR, ISO, NIST, and other frameworks
Employment type: Fulltime

Senior Agentic Identity & Access Security Engineer

Our client is a leading global investment management company headquartered in Lo...
Location: Poland; Spain; United Kingdom
Salary: Not provided
Company: Intellias
Expiration Date: Until further notice
Requirements
  • 6+ years in security architecture and/or platform engineering, with a track record of shipping production code
  • Principal / Staff-level depth, ideally in a high-velocity or quant / financial-services engineering culture
  • Deep, mechanical command of modern identity and authorisation: OIDC / OAuth2 / JWT — token issuance flows, claims design, and delegation / impersonation patterns
  • Hands-on HashiCorp Vault experience, including dynamic / short-lived secrets and the realities of migrating off long-lived tokens without breaking a large application estate at once
  • Keycloak policy modelling, ideally with the Terraform-driven configuration the firm already uses
  • Strong Terraform / IaC fluency — enough to design repeatable, self-service patterns that others adopt, rather than bespoke per-team setups
  • Working knowledge of the Active Directory + Entra legacy reality: nested groups, LDAP-backed role mapping, and the distribution-list-as-permission-group failure mode — able to design around the mess pragmatically
Job Responsibility
  • Design and ship IaC-driven, self-service identity patterns that roll out firm-wide without requiring a full Active Directory cleanup first
  • Define the currently undefined agentic runtime security model: containerised code execution, permission delegation to agents, and MCP-based tool access
  • Lead the transition from long-lived secrets toward ephemeral, time-based, risk-scored credentials, scoped to task duration and issued via JWT / OIDC
  • Layer LLM / software guardrails (policy-as-text plus human review) on top of whatever hard guardrails are feasible across the estate
  • Establish an opinionated onboarding standard (e.g. mandatory MCP interfaces) and win adoption through better defaults and developer experience, not mandate alone
  • Design SIEM integration, behavioural baselining, and anomaly detection for agentic workflows, and centralise siloed audit logs to satisfy both security and regulatory requirements
  • Take bounded beachheads (for example, authenticate users and then delegate scoped access to internal systems) from vague to delivered
Employment type: Fulltime

Agentic Identity & Access Security Architect

Our client is a leading global investment management company headquartered in Lo...
Location: Poland; United Kingdom
Salary: Not provided
Company: Intellias
Expiration Date: Until further notice
Requirements
  • 8+ years in security architecture and/or platform engineering, with a track record of shipping production code
  • Principal / Staff-level depth, ideally in a high-velocity or quant / financial-services engineering culture
  • Deep, mechanical command of modern identity and authorisation: OIDC / OAuth2 / JWT — token issuance flows, claims design, and delegation / impersonation patterns
  • Hands-on HashiCorp Vault experience, including dynamic / short-lived secrets and the realities of migrating off long-lived tokens without breaking a large application estate at once
  • Keycloak policy modelling, ideally with the Terraform-driven configuration the firm already uses
  • Strong Terraform / IaC fluency — enough to design repeatable, self-service patterns that others adopt, rather than bespoke per-team setups
  • Working knowledge of the Active Directory + Entra legacy reality: nested groups, LDAP-backed role mapping, and the distribution-list-as-permission-group failure mode — able to design around the mess pragmatically
Job Responsibility
  • Design and ship IaC-driven, self-service identity patterns that roll out firm-wide without requiring a full Active Directory cleanup first
  • Define the currently undefined agentic runtime security model: containerised code execution, permission delegation to agents, and MCP-based tool access
  • Lead the transition from long-lived secrets toward ephemeral, time-based, risk-scored credentials, scoped to task duration and issued via JWT / OIDC
  • Layer LLM / software guardrails (policy-as-text plus human review) on top of whatever hard guardrails are feasible across the estate
  • Establish an opinionated onboarding standard (e.g. mandatory MCP interfaces) and win adoption through better defaults and developer experience, not mandate alone
  • Design SIEM integration, behavioural baselining, and anomaly detection for agentic workflows, and centralise siloed audit logs to satisfy both security and regulatory requirements
  • Take bounded beachheads (for example, authenticate users and then delegate scoped access to internal systems) from vague to delivered