Summary: The SIEM Engineer role involves leading the onboarding and integration of log sources into Microsoft Sentinel, requiring SC clearance. The position focuses on developing custom data transformations, optimizing KQL queries, and automating response workflows. The role is hybrid, based in Reading, and classified as inside IR35. The contract duration is six months with a competitive day rate.
Key Responsibilities:
- Lead onboarding and integration of log sources into Microsoft Sentinel to ensure complete and reliable security telemetry
- Develop custom parsers and data transformations to normalise and enrich ingested data
- Design and optimise KQL queries to support effective threat detection and investigation
- Create and maintain analytic rules and detection logic aligned to emerging threats and business use cases
- Develop Logic Apps and SOAR workflows to automate response and reduce manual effort
- Implement CI/CD pipelines (Azure DevOps/Git) to support controlled deployment of SIEM content (rules, parsers, playbooks)
- Automate deployment and configuration across environments to improve consistency and speed of delivery
- Perform ongoing tuning and optimisation of detections to improve fidelity and reduce false positives
Key Skills:
- SC Clearance
- Experience with Microsoft Sentinel
- Proficiency in KQL (Kusto Query Language)
- Knowledge of Logic Apps and SOAR workflows
- Experience with CI/CD pipelines (Azure DevOps/Git)
- Ability to develop custom parsers and data transformations
- Strong analytical and problem-solving skills
- Experience in threat detection and investigation
Salary (Rate): £700 daily
City: Reading
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Detailed Description From Employer:
SIEM Engineer - (Havant/Reading/Hybrid) - Inside IR35
Day Rate - up to £700
Duration - 6 months
Harvey Nash's Client have a requirement for a SIEM Engineer, you must be SC Cleared to commence this post.
You will support the team in:
- Lead onboarding and integration of log sources into Microsoft Sentinel to ensure complete and reliable security telemetry
- Develop custom parsers and data transformations to normalise and enrich ingested data
- Design and optimise KQL queries to support effective threat detection and investigation
- Create and maintain analytic rules and detection logic aligned to emerging threats and business use cases
- Develop Logic Apps and SOAR workflows to automate response and reduce manual effort
- Implement CI/CD pipelines (Azure DevOps/Git) to support controlled deployment of SIEM content (rules, parsers, playbooks)
- Automate deployment and configuration across environments to improve consistency and speed of delivery
- Perform ongoing tuning and optimisation of detections to improve fidelity and reduce false positives