Contract

SIEM Architect - SC

Posted on 06 August 24 by Daniel Lowe

  • London
  • £700 - £800 per Day

Job Description

Role: SIEM Architect - SC

Location: Remote with occasional travel

IR35: Inside

Rate: £800/day (Umbrella) MAX

Duration: 31/3/25

Security Clearance: SC

Minimum Requirement:

  • SIEM Engineering and Architecture skills, specifically in Splunk SaaS
  • A credible technology leader who can drive through technology and process change.
  • Good communications, reporting and presentational skills.
  • Full end-to-end experience of the delivery lifecycle for improvements
  • Splunk SaaS experience and expertise as a lead architect and/or engineer
  • Experience of defining improvements within Cyber departments, particularly, SIEM improvements within Cyber Security Operations Centre (CSOC) functions that result in an increase in SIEM Maturity Levels.
  • Experience of the lifecycle of SIEM delivery, including convergence from other SIEMs

The overall aim of the role is to suggest, implement or manage the implementation of tactical and strategic improvements to the SIEM and associated components. This will include the following areas:

SIEM Engineering and Architecture improvements:

  • Document, and socialise, a shared responsibility model to increase buy-in for directorates to send log data to the CSOC (see also project work on convergence)
  • Simplifying engineering complexity and automation features within the log farm
  • Standardising collection tier components across directorate environments, possibly using an Infrastructure as Code (IaC) approach
  • Mature Splunk ES advanced data models
  • Improve mapping of Splunk ES use cases to the MITRE ATT&CK framework
  • Use case prioritisation, and classification, with a common Risk Based Alerting (RBA) approach.

Strategic SIEM improvements:

  • Wider use of SOAR for common analyst tasks
  • Improvement to data enrichment practices to add context to incident response investigations
  • Other project work including further SIEM convergence, dashboarding, log source monitoring via TrackMe

Quality assurance to improve the onboarding function and knowledge transfer:

  • Working with the MSP, make improvements to the onboarding process
  • Quality checks and assurance of the Onboarding function
  • Knowledge sharing of certain areas with the CSOC

 

Disability Confident

As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group.

Armed Forces Covenant   

CLIENT is proud to support the Armed Forces Covenant and as such, we guarantee to interview all veterans or spouses / partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates / military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. 

If you qualify for the above, please notify us on 0121 794 8181.

We will be in touch to discuss your suitability and arrange your Guaranteed Interview.

Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let me know.

 

To apply for this role please submit your latest CV or contact Aspect Resources on 0121 794 8181

 

Job Information

Rate / Salary

£700 - £800 per Day

Sector

IT

Category

Not Specified

Skills / Experience

Not Specified

Benefits

Not Specified

Our Reference

1JP00078393
