Cyber Security Engineer SoC/SIEM (Contract)
Methods is a £100M+ IT Services Consultancy based in the UK, partnering with central government departments and agencies to transform the way the public sector operates. With more than 30 years of experience, we deliver end‑to‑end business and technical solutions that are people‑centred, safe and designed for the future. Our human‑touch approach distinguishes us from other consultancies and system integrators. We focus on public‑sector work while growing a significant private‑sector client portfolio. Methods was acquired by the Alten Group in early 2022.
Base Pay Range
Base pay will be based on skills and experience. Your recruiter will discuss the range in detail.
Responsibilities & Requirements
* Elastic Stack Expertise: Proven experience with Kibana visualisations, dashboards, queries and alerts. Holds Elastic Certified Analyst certification covering anomaly detection, dashboard tuning and timeline analysis.
* Data Ingestion & Log Pipeline Engineering: Build, manage and optimise complex Logstash pipelines, utilising plugins to handle diverse log formats and enrich security telemetry. Ensure reliable ingestion into Elasticsearch.
* Syslog Configuration: Configure rsyslog and centralised logging for network appliances, firewalls and infrastructure components.
* Linux Proficiency: Administer and troubleshoot Linux systems with command‑line fluency and scripting (Bash, Python) for SIEM operations and log parsing.
* Detection Engineering & Threat Rules: Develop and tune custom detection rules using ES|QL, EQL and Lucene syntax, aligned with MITRE ATT&CK techniques. Produce investigation guides for SOC analysts.
* SOC Maturity & Policy Development: Contribute to SOC process and policy development, including detection logic lifecycle, alert tuning procedures and SIEM configuration governance.
* Defence Writing & JSP Familiarity: Prepare formal documentation following Defence Writing principles, with an understanding of Joint Service Publications (JSPs).
* Incident & Case Management: Support the incident response lifecycle—alert review, case triage, evidence handling, escalation and forensic data support.
* Client Engagement & Communication: Convey technical information clearly to internal stakeholders and external clients, collaborate with multidisciplinary teams and represent security operations during client interactions.
Desirable Skills And Experience
* Experience in Defence, Government or Critical National Infrastructure environments.
* Familiarity with security frameworks such as MITRE ATT&CK, NIST CSF or ISO 27001 and mapping TTPs to rule coverage.
* Experience with SOAR or SIEM enrichment tools (TheHive, MISP, Cortex).
* Knowledge of additional log forwarding/processing tools (Elastic Agent, Fluentd).
* Exposure to vulnerability management and threat intelligence platforms (OpenCTI).
Qualifications
* Expert knowledge of Azure & Sentinel.
* Proven experience as a Cyber Analyst focused on Security Operations.
* Strong expertise in Elastic Stack (Elasticsearch, Logstash, Kibana).
* Familiarity with other SIEM tools and security technologies.
* Knowledge of cybersecurity best practices, threat intelligence and incident response.
* Excellent analytical and problem‑solving skills.
* Relevant certifications such as CISSP, CEH or Elastic Certified Engineer (ECE) are a plus.
This role requires a holder of active SC and/or DV clearance. If DV is not held, eligibility for DV is required.
Job Details
* Seniority level: Mid‑Senior level
* Employment type: Contract
* Job function: Information Technology
* Industries: IT Services and IT Consulting