SIEM Application Engineer

Posted Today by Experis UK

£550 Per day
Inside IR35
Hybrid
Birmingham, England, United Kingdom

Summary: The SIEM Application Engineer role involves supporting security operations by analyzing and optimizing detections within the Elastic Security platform. The position emphasizes detection analysis, rule refinement, and reporting rather than platform engineering or DevOps. The engineer will collaborate with various teams to enhance detection accuracy and coverage. This is a hybrid role based in Birmingham, Manchester, or Ipswich for a duration of 3 months with a possibility of extension.

Key Responsibilities:

  • Analyse alerts generated by Elastic Security and validate detection accuracy.
  • Tune and optimise existing Elastic SIEM detection rules to improve fidelity and reduce false positives.
  • Map detections to the MITRE ATT&CK framework and identify coverage gaps.
  • Produce clear detection reports, tuning documentation, and analysis summaries.
  • Collaborate with SOC analysts, incident responders, and security engineering teams.

Key Skills:

  • Hands-on experience with Elastic Security / Elastic SIEM, Kibana, and Elasticsearch queries (EQL/KQL).
  • Strong understanding of detection logic, alert tuning, and threat behaviours.
  • Familiarity with MITRE ATT&CK.
  • Strong written communication skills for reporting and documentation.
  • Experience in SOC, detection engineering, or threat hunting is a plus.
  • Exposure to common log types (endpoint, network, cloud).
  • Security certifications (Elastic, Security+, CySA+, etc.) are desirable.

Salary (Rate): £550 daily

City: Birmingham

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Role: SIEM Application Engineer

Location: Birmingham or Manchester or Ipswich (Hybrid)

Duration: 3 Months with possible extension

Day rate: £450 - £550 via Umbrella

Overview

We are looking for a SIEM Application Engineer to support our security operations by reviewing and optimising detections within our production Elastic Security platform. This role focuses solely on detection analysis, rule refinement, and reporting, rather than SIEM platform engineering or DevOps.

Key Responsibilities

  • Analyse alerts generated by Elastic Security and validate detection accuracy.
  • Tune and optimise existing Elastic SIEM detection rules to improve fidelity and reduce false positives.
  • Map detections to the MITRE ATT&CK framework and identify coverage gaps.
  • Produce clear detection reports, tuning documentation, and analysis summaries.
  • Collaborate with SOC analysts, incident responders, and security engineering teams.
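The two responsibilities most amenable to tooling are the ATT&CK coverage-gap check and false-positive tuning. The script below is an added illustration, not code from the posting, from Experis or from Elastic. It uses the shape of Elastic Security's exported rule metadata (the `threat` array of framework/tactic/technique/subtechnique) and of Elastic exception-list items (a list of `entries` with `field`, `operator`, `type`, `value`), but every rule, alert, technique list and exception item in it is constructed for the example, and the `fidelity` and `coverage_gaps` helpers are assumptions of this example rather than Elastic APIs.

```python
"""Added example (constructed data, not Elastic code): ATT&CK coverage gaps over
Elastic-style rule metadata, and the effect of an exception item on rule fidelity."""
from collections import defaultdict

# Constructed rules in the shape of an Elastic Security rule export.
RULES = [
    {"name": "PowerShell Encoded Command", "type": "query", "language": "kuery",
     "query": 'process.name:"powershell.exe" and process.args:("-enc" or "-EncodedCommand")',
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0002", "name": "Execution"},
                 "technique": [{"id": "T1059", "name": "Command and Scripting Interpreter",
                                "subtechnique": [{"id": "T1059.001", "name": "PowerShell"}]}]}]},
    {"name": "Suspicious Scheduled Task Creation", "type": "eql", "language": "eql",
     "query": 'process where process.name == "schtasks.exe" and process.args == "/create"',
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0003", "name": "Persistence"},
                 "technique": [{"id": "T1053", "name": "Scheduled Task/Job", "subtechnique": []}]}]},
    {"name": "RDP Connection from Unusual Source", "type": "query", "language": "kuery",
     "query": "event.category:network and destination.port:3389",
     "threat": [{"framework": "MITRE ATT&CK",
                 "tactic": {"id": "TA0008", "name": "Lateral Movement"},
                 "technique": [{"id": "T1021", "name": "Remote Services",
                                "subtechnique": [{"id": "T1021.001", "name": "Remote Desktop Protocol"}]}]}]},
]

# Constructed priority list of techniques the SOC wants covered.
TARGET_TECHNIQUES = ["T1059.001", "T1053.005", "T1003.001", "T1021.001", "T1566"]


def technique_index(rules):
    """Map every technique and sub-technique ID in the rules' threat arrays to rule names."""
    index = defaultdict(list)
    for rule in rules:
        for threat in rule.get("threat", []):
            if threat.get("framework") != "MITRE ATT&CK":
                continue
            for tech in threat.get("technique", []):
                index[tech["id"]].append(rule["name"])
                for sub in tech.get("subtechnique", []):
                    index[sub["id"]].append(rule["name"])
    return index


def coverage_gaps(rules, targets):
    """Split target IDs into covered, parent-only (a rule maps the parent technique
    but not this sub-technique, so coverage needs manual confirmation) and missing."""
    index = technique_index(rules)
    result = {"covered": [], "parent_only": [], "missing": []}
    for tid in targets:
        if tid in index:
            result["covered"].append(tid)
        elif tid.split(".")[0] in index:
            result["parent_only"].append(tid)
        else:
            result["missing"].append(tid)
    return result


# Constructed alerts from the "PowerShell Encoded Command" rule, labelled during review.
# The false positives come from the SCCM agent (ccmexec.exe) deploying software as SYSTEM.
ALERTS = [
    {"process.parent.name": "ccmexec.exe", "user.name": "SYSTEM", "true_positive": False},
    {"process.parent.name": "ccmexec.exe", "user.name": "SYSTEM", "true_positive": False},
    {"process.parent.name": "winword.exe", "user.name": "jdoe", "true_positive": True},
    {"process.parent.name": "ccmexec.exe", "user.name": "SYSTEM", "true_positive": False},
    {"process.parent.name": "cmd.exe", "user.name": "svc_backup", "true_positive": True},
    {"process.parent.name": "explorer.exe", "user.name": "jdoe", "true_positive": False},
]

# Constructed exception item in the shape of an Elastic exception-list entry list;
# an alert is suppressed only when every entry matches.
SCCM_EXCEPTION = {
    "name": "SCCM agent encoded PowerShell",
    "entries": [
        {"field": "process.parent.name", "operator": "included", "type": "match", "value": "ccmexec.exe"},
        {"field": "user.name", "operator": "included", "type": "match_any", "value": ["SYSTEM"]},
    ],
}


def entry_matches(entry, alert):
    """Evaluate one exception entry (match / match_any, included / excluded) against an alert."""
    value = alert.get(entry["field"])
    if entry["type"] == "match":
        hit = value == entry["value"]
    elif entry["type"] == "match_any":
        hit = value in entry["value"]
    else:
        raise ValueError(f"unsupported entry type {entry['type']}")
    return hit if entry["operator"] == "included" else not hit


def is_excepted(alert, exception):
    return all(entry_matches(e, alert) for e in exception["entries"])


def fidelity(alerts, exception=None):
    """Return (true positives, false positives, precision) of the alerts left after the exception."""
    kept = [a for a in alerts if exception is None or not is_excepted(a, exception)]
    tp = sum(a["true_positive"] for a in kept)
    precision = round(tp / len(kept), 2) if kept else 0.0
    return tp, len(kept) - tp, precision


def suppressed_true_positives(alerts, exception):
    """The check to run before shipping an exception: does it hide any known true positive?"""
    return sum(a["true_positive"] for a in alerts if is_excepted(a, exception))


if __name__ == "__main__":
    print("coverage:", coverage_gaps(RULES, TARGET_TECHNIQUES))
    print("before tuning (tp, fp, precision):", fidelity(ALERTS))
    print("after tuning  (tp, fp, precision):", fidelity(ALERTS, SCCM_EXCEPTION))
    print("true positives hidden by exception:", suppressed_true_positives(ALERTS, SCCM_EXCEPTION))
```

On the constructed data the scheduled-task rule is mapped to T1053 only, so T1053.005 comes back as parent-only rather than covered; a rule mapped to the parent technique does not by itself demonstrate that the sub-technique's behaviour is detected, which is exactly the sort of gap the coverage report should call out. The exception removes the three SCCM alerts and raises precision from 0.33 to 0.67 while hiding no true positive; the `suppressed_true_positives` check is the step that keeps tuning from quietly blinding a rule.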

Required Skills

  • Hands-on experience with Elastic Security / Elastic SIEM, Kibana, and Elasticsearch queries (EQL/KQL).
  • Strong understanding of detection logic, alert tuning, and threat behaviours.
  • Familiarity with MITRE ATT&CK.
  • Strong written communication skills for reporting and documentation.

Nice to Have

  • Experience in SOC, detection engineering, or threat hunting.
  • Exposure to common log types (endpoint, network, cloud).
  • Security certifications (Elastic, Security+, CySA+, etc.).