Overview We are seeking an experienced Elastic SIEM Subject Matter Expert (SME) to support NESTOR operations. This role involves developing and refining threat detection capabilities, managing log ingestion, and creating operational dashboards. The ideal candidate will be adept at working in constrained environments and applying Elastic tools creatively to meet mission needs. Key Responsibilities Develop, tune, and optimize SIEM detection rules to identify threats and reduce false positives Manage log ingestion pipelines and ensure reliable data flow into Elasticsearch Design and maintain Kibana dashboards for operational visibility Triage SIEM tickets and investigate alerts to determine root causes Continuously improve detection logic to enhance signal-to-noise ratio Collaborate with NESTOR teams to align SIEM capabilities with operational goals Required Skills and Experience Strong hands-on experience with Elasticsearch, Kibana, and Elastic SIEM Proficiency in log parsing, normalization, and enrichment Experience writing detection rules using EQL, KQL, or similar query languages Ability to operate effectively in limited or resource-constrained environments Familiarity with security operations workflows and incident response processes Preferred Qualifications Experience supporting military or government operations Knowledge of the MITRE ATT&CK framework and threat detection strategies Scripting skills (e.g., Python, Bash) for automation and data enrichment Why SiXworks? SiXworks is a leading provider of secure digital solutions, specialising in digital experimentation and focused on fail-safe-fast cutting-edge technology solutions deployed in highly secure environments. We are unified in our mission to accelerate innovation and adoption of secure, digital technology to improve the operational agility of Defence and National Security. This is an exciting time for us, we have ambitious plans for continued growth and development, and we are seeking to add brilliant, experienced, motivated, and passionate people to our team to work with us on this journey. Why join SiXworks? SiXworks’ expertise includes Secure-by-Design, cloud computing, advanced network and infrastructure design, rapid application development, cross-security domain systems, multi-tenanted High-Performance Compute, multi-source data platforms, cyber vulnerability mitigation, and intelligence systems. We provide supplier-agnostic, technical, and business consultancy to customers while championing open-source and best-of-breed technologies. Due to the secure nature of the position and working environment, you must have, or be eligible to obtain Security Clearance. SiXworks is an IBM subsidiary which has been acquired by IBM and will be integrated into the IBM organisation. SiXworks will be the hiring entity. By proceeding with this application, you understand that SiXworks will share your personal information with other IBM subsidiaries involved in your recruitment process, wherever these are located. More Information on how IBM protects your personal information, including the safeguards in case of cross-border data transfer, are available here: https://www.ibm.com/privacy A word on UK Security Clearance Due to the secure nature of the position and working environment, you must have, or be eligible to obtain DV Security Clearance. More details relating to UK Security Clearance can be found here: United Kingdom Security Vetting (UKSV) is the main UK government provider of security clearances.