Salary: £109,440 - 131,040 per year

Requirements:
- Strong hands-on experience with Elasticsearch, Kibana, and Elastic SIEM in operational environments
- Proven experience developing, tuning, and optimising SIEM detection rules to identify threats and reduce false positives
- Experience managing log ingestion pipelines and ensuring reliable data flow into Elasticsearch
- Proficiency in log parsing, normalisation, and enrichment to support high-quality detections
- Hands-on experience designing and maintaining Kibana dashboards for operational visibility
- Ability to triage SIEM alerts, investigate incidents, and determine root causes
- Familiarity with security operations workflows and incident response processes
- Experience writing detection logic using EQL, KQL, or similar query languages

Responsibilities:
- Support NESTOR operations by building, tuning, and operating threat detection, log ingestion, and operational dashboards within Elastic
- Focus on improving detection quality and investigating alerts
- Collaborate closely with operational teams to deliver effective SIEM capabilities in constrained, mission-driven environments
- Ensure successful SIEM operations through effective management of log ingestion and data flow
- Design and maintain Kibana dashboards for enhanced operational visibility
- Triage SIEM alerts, investigate incidents, and determine root causes in a timely manner
- Write detection logic to refine threat identification processes

Technologies: ElasticSearch Flow Support Kibana Security

More: We are a Defence consultancy located in Farnborough, seeking an experienced Elastic SIEM Subject Matter Expert for a contract position. Our project focuses on significant security operations within MOD/Defence environments. This role requires onsite work, and successful candidates must be security cleared at DV Level prior to appointment. We offer a collaborative team environment, focusing on developing high-quality threat detection capabilities and operational dashboards.
Last updated: week 6 of 2026