Security Engineer (SIEM) – Google Distributed Cloud (GDC)

Security Engineer (SIEM) – Google Distributed Cloud (GDC) Hybrid – London – 3 days per week on site in Central London Contract | Outside IR35 SC Clearance Required / DV Eligible UK Citizenship Required Pay rate : £500 per day 6 Months

Joining a small but busy consultancy who are engaged on a key Government Secure programme, who are designing and delivering secure-by-default digital platforms for a high-assurance environment on critical national infrastructure. They are currently building a new secure cloud platform based on Google Distributed Cloud (GDC) and are looking for an experienced Security Engineer (SIEM) to lead the design and implementation of its security monitoring and observability capabilities. This is an opportunity to build a SIEM capability from the ground up, influence security architecture decisions, and directly support SOC operations protecting critical public-sector services.

The Opportunity

As a Security Engineer (SIEM), you will take ownership of the security monitoring and observability stack across a highly secure GDC environment. You will design and implement SIEM integrations, onboard and normalise telemetry sources, develop detection capabilities, and help shape the overall monitoring strategy for the platform. Working closely with security architects, cloud engineers, SOC teams and external partners, you will help deliver actionable security insight across cloud, Kubernetes, and hybrid infrastructure environments.

What You’ll Be Doing

• SIEM Architecture & Design
• Design end-to-end SIEM architecture for a secure Google Distributed Cloud (GDC) platform
• Define logging, telemetry and event collection standards across infrastructure, Kubernetes, and application layers
• Determine data routing and monitoring strategies between local and on-prem SIEM environments
• SIEM Implementation & Integration
• Deploy and configure Elastic SIEM within Kubernetes-based environments
• Implement secure log forwarding across encrypted and network-restricted environments
• Integrate cloud audit logs, workload telemetry, Kubernetes logs, and security tooling into Elastic and existing SOC tooling
• Detection Engineering & SOC Enablement
• Develop detections-as-code capabilities using CI/CD and version-controlled pipelines
• Create and tune alerts, dashboards, and detection rules for SOC operations
• Align detection logic with threat intelligence and operational playbooks
• Observability & Operational Support
• Support platform monitoring, troubleshooting, and security visibility across complex environments
• Enable platform and application teams with secure self-service diagnostics capabilities
• Documentation & Compliance
• Produce operational guidance, integration documentation, and SOC runbooks
• Support assurance activities and ensure alignment with UK Government security requirements

What We’re Looking For

Essential Skills & Experience

• Strong experience as a Security Engineer, SIEM Engineer or Detection Engineer
• Hands-on experience designing and operating SIEM solutions in cloud or hybrid environments
• Strong knowledge of Elastic SIEM / Elastic Stack, including:
• Ingest pipelines
• Detection rules and alerting
• Dashboards and visualisations
• Experience working within Kubernetes environments
• Understanding of secure log forwarding, encrypted telemetry, and restricted network architectures
• Experience collaborating with SOC teams and translating security requirements into technical implementations
• Cloud & Platform Knowledge
• Experience with Google Cloud Platform (GCP) and/or Google Distributed Cloud (GDC)
• Knowledge of cloud-native telemetry, audit logging, and identity monitoring
• Experience deploying and managing tooling via CI/CD pipelines
• Ways of Working
• Comfortable operating within regulated, high-assurance environments
• Strong communication and documentation skills
• Able to work independently and take ownership of complex security integrations

Desirable Experience

• Experience with Elastic Cloud on Kubernetes (ECK)
• Detections-as-code implementation experience
• Knowledge of threat frameworks and SOC workflows
• Familiarity with UK Government security standards and assurance processes

Clearance Requirements

This role requires active SC Clearance. Candidates must also be willing to undergo Developed Vetting (DV). Due to client security restrictions, applicants must hold UK Citizenship.

Why Join:

You’ll be joining a team delivering genuinely mission-critical secure platforms within some of the UK’s most demanding environments. This role offers:

• The opportunity to shape security architecture from day one
• Exposure to cutting-edge secure cloud technologies
• Direct collaboration with senior security and platform engineering teams
• Meaningful work supporting national-scale secure services