Hackajob is collaborating with BT (Networks) to connect them with exceptional tech professionals for this role. Job Description - SIEM Application Engineer Job Details Job title SIEM Application Engineer Reports to (job) SIEM Software Engineer Manager Team Security Engineering Location Birmingham Job Dimensions SIEM Engineer responsible for designing, deployment, management and optimisation of Elastic SIEM solutions built on ECK to enhance threat detection and security monitoring within BT. Hours Full time No. Direct Reports 0 Career Level D Why BT Group? We’ve always been an organization with purpose; we connect for good. You can trace this back to our beginning as pioneers of the world’s first telecommunications company. At our heart, we’re a technology company with research and innovation in our bones, and a desire to be personal, simple, and brilliant for our customers - the values we live by. Creating an inclusive working environment where people from all backgrounds can succeed. Our pursuit of progress over the past 180 years has established BT as a strong, successful brand, with huge scale, capable of achieving great things. From supporting emergency services, hospitals, banks and keeping economies around the world online, safe, and secure, to delivering large scale innovative technology infrastructure like the creation of BT Sport. Today, in this fast changing, always on, digital world, our purpose remains true. Yet the market conditions, regulation and competition we face are tougher than ever before. So, if you have the drive, optimism, and resilience to help propel us forward, we’ll offer unrivalled personal development, a wealth of opportunities to learn, experience new things, and pursue new careers. If that’s you, and what you’re looking for. We’d love you to be part of our future. Why this job matters The new Network SIEM is essential to BT’s network security, meeting TSA requirements and improving our CAF level. Your role as a SIEM Application Engineer in Security Engineering is to support the development, implementation, operation and support of BTs Strategic SIEM development. We are seeking a skilled SIEM Application Engineer with expertise in Elasticsearch to join our dynamic team. As a SIEM engineer, you will play a critical role in designing, developing, and maintaining our security information and event management (SIEM) system. Your focus will be on leveraging Elasticsearch and related technologies to enhance threat detection, incident response, and overall security posture. What You’ll Be Doing - Your Accountabilities The skills you’ll need to succeed SIEM Solution Development: Collaborate with security analysts and architects to design and implement SIEM solutions using Elasticsearch. Optimize SIEM rules, alerts, and dashboards for efficient threat detection. Collaboration: Collaborate effectively with others to drive forward key security objectives Presentation and documentation writing (to both technical and business audiences) Query Optimization and Performance Tuning: Write efficient Elasticsearch queries to retrieve relevant security events. Monitor and manage the performance of the SIEM infrastructure. Security Engineering: Contribute to security engineering projects, transitions, and transformations. Work closely with security operations and associated security incident response systems Stay informed about emerging threats and security best practices. Data Ingestion and Enrichment: Configure Elasticsearch pipelines for data ingestion from various sources, primarily from Kafka Enhance data enrichment by integrating threat intelligence feeds and contextual information. Keep abreast of relevant technologies in the area Reading, attending briefings and talks. Contribute to the running of your team. Knowledge-sharing, In team discussions, Defining and improving working procedures Organisation of team events. Help colleagues in the team to grow by mentoring when required. Keep abreast of relevant news and updates at BT. This may entail the following: attending briefings and talks. Agree personal goals with the Team Lead for the year and work towards achieving these. Advantageous SIEM implementation and usage [RR1] Experience of Elastic Stack (ELK) Knowledge of Offensive testing frameworks Knowledge of Linux, Windows and Network Administration Knowledge and experience of cloud services (public or private), OpenStack and K8S Cyber security qualifications Knowledge of Telecoms Security Act (TSA) Knowledge of architectural concepts such as microservices, service mesh.[RR2] Knowledge of Git and Devops practices[RR3] Knowledge of Terraform/Ansible systems[RR4] Strong knowledge of security policy/regulatory frameworksAt least 3-5 years experience of cyber security engineering and delivery Essential Security and Compliance with Elastic Security: Set up access controls, authentication, and encryption using Elastic Security features. Ensure compliance with data protection regulations.[LR5] Detection Rule Development: Ability to create, test, and optimise detection rules to identify suspicious activities and potential threats based on the MITRE ATT&CK Framework Performance Tuning with Elasticsearch and Logstash: Fine-tune query performance using Elasticsearch indices and mappings.