Job Description
Elastic SME (SIEM)
Outside IR35 | Farnborough
Talent Locker are supporting a Defence and National Security consulting organisation and are recruiting for an experienced Elastic SIEM SME to support critical operational capability within a highly secure environment.
PLEASE NOTE – this role requires onsite delivery, and candidates must hold UK SC Clearance prior to appointment.
This contract sits within an operational security function where you will play a key role in shaping and ehancing how security data is collected, analysed and used to support mission outcomes. Working alongside engineering and operational teams, you’ll bring deep Elastic expertise to improve detection coverage, operational insight and response effectiveness.
You’ll fovus on strengthening SIEM capability through the development and optimisation of detection logic, ensuring reliable log ingestion into Elasticsearch and creating dashboards that provide meaningful visibility for security operations. The role also involves hands-on investigation of alerts, supporting triage activities, and continuously refining detections to reduce noise and improve accuracy (particularly within technical constrained environments).
Responsibilities will include;
1. Build and maintain detections rules within Elastic SIEM
2. Oversee log ingestion, parsing and enrichments to ensure high quality data
3. Develop and maintain Kibana dashboard to support operations
4. Monitor and investigate SIEM alerts and support incident triage
5. Improve detection fidelity by refining logic and reduce false positives
6. Work with stakeholders to align capability with operational priorities
Experience needed;
7. Hands on experience with Elasticsearch, Kibana, Elastic SIEM, ELK, Elastic stack etc.
8. Proven ability to work with log pipelines, data normalisations etc
9. Experience writing detections using KQL, EQL or similar
10. Demonstrable experience operating in restricted or secure environments
11. Has a sound understanding of security operations
12. Awareness and knowledge of adversary techniques and detection frameworks (including MITRE ATT&CK)
13. Supporting automation with some scripting capability (e.g. python/ bash)
To find out more or to apply, please send your CV to