IF Recruitment Ltd
Jan 09, 2026
Contractor
The Role: We are working with a global enterprise that has an opening for a SIEM Engineer/Cyber Security Engineer with experience of building rules to detect threats. The successful candidate will be working with an established team of engineers to build a new SIEM platform.

SIEM Solution Development: Collaborate with security analysts and architects to design and implement SIEM solutions using Elasticsearch. Optimize SIEM rules, alerts, and dashboards for efficient threat detection.

Collaboration: Collaborate effectively with others to drive forward key security objectives.

Query Optimization and Performance Tuning: Write efficient Elasticsearch queries to retrieve relevant security events. Monitor and manage the performance of the SIEM infrastructure.

Security Engineering: Contribute to security engineering projects, transitions, and transformations. Work closely with security operations and associated security incident response systems. Stay informed about emerging threats and security best practices.

Skills Required:
3+ years' experience working in a Cyber Security Engineer/SIEM Engineer role.
Experience setting up access controls, authentication and encryption using Elastic Security features.
Knowledge of detection rule development, including the ability to create, test and optimise detection rules to identify suspicious activities and potential threats.
Performance tuning with Elasticsearch and Logstash, including fine-tuning query performance using Elasticsearch indices and mappings.
Experience of monitoring Logstash pipelines.
Experience with Kibana visualization and monitoring, creating custom visualizations to track data quality metrics and systems performance.
Knowledge of offensive testing frameworks is advantageous.