Security Engineer - SIEM - sought by investment bank based in London - Contract - Hybrid
*Inside IR35 - umbrella*
Key Responsibilities
SIEM Management & Optimization:
Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks
Develop advanced KQL queries for threat hunting and reporting
Optimize SIEM performance, cost, and data retention policies
Troubleshoot log ingestion and parsing issues
Log Source Integration:
Onboard and configure critical log sources (AD, firewalls, servers, cloud infrastructure)
Manage event collection and forwarding infrastructure
Implement data filtering and custom log parsing
Threat Detection & Use Case Development:
Develop and refine detection rules based on threat intelligence and attack patterns
Continuously improve detection efficacy and reduce false positives
Security Monitoring & Incident Response:
Monitor systems for anomalies and malicious activity
Contribute to threat hunting and incident response playbooks
Provide expert guidance on securing applications and infrastructure
Security Advisory & Innovation:
Support PoCs for new security tools
Help define and measure control effectiveness
Required Skills & Experience
3+ years in a Security Engineer, SOC Analyst, or similar role
Hands-on experience with Microsoft Sentinel and KQL
Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP)
Proficiency in scripting (PowerShell, Python)
Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain)
Experience with EDR, DLP, Proxy, and SEG tools
Desirable Qualifications
Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP
Experience with SOAR playbooks, YARA rules, STIX, and YAML
Participation in red/purple team exercises
Please apply within for further details - Matt Holmes, Harvey Nash
TPBN1_UKTJ