SIEM Incident SME - Contract (DV Cleared) Rate: £550pd - £650pd Inside IR35 Duration: 6 months Locations: Hybrid and then onsite 2/3 days per week in one of the following locations: Corsham, Portsmouth or Northallerton Due to client requirements, all applicants must require the following, to be considered for this role: Must hold active DV Clearance that has not lapsed Security Information and Event Management/Incident Management experience Role Description: We are seeking a skilled SIEM / Incident Subject Matter Expert to join our clients expanding cybersecurity team. In this role, you will be responsible for designing, delivering, and maintaining operational cybersecurity capabilities. Your focus will be on conducting proactive, risk-based monitoring on priority C4IS/networks to identify both internal and external cyber threats and attacks. Responsibilities: Develop and integrate security event monitoring and incident management services. Respond to security incidents as part of an incident response team. Implement metrics and dashboards for enhanced visibility into the Enterprise infrastructure. Utilize the SOAR platform for playbook automation and case management to streamline processes. Produce documentation to ensure repeatability and standardization of security operating procedures. Enhance investigative methods using SOC software toolsets for better analysis recognition. Maintain a baseline of system security in line with the latest threat intelligence and trends. Participate in root cause analysis of incidents with enterprise engineers. Provide SME guidance on various information security standards and best practices. Offer strategic and tactical security guidance, including evaluating technical controls. Engage in the CRM process and collaborate with SOC engineers to maintain up-to-date security alert dashboards. Document, validate, and create operational processes to aid SOC development. Assist in prioritizing and coordinating the protection of critical cyber defense infrastructure. Build, install, configure, and test dedicated cyber defense hardware. Support junior analysts in managing SOC systems. Essential Experience: Must hold active DV Clearance Experience with ELK (Elastic, Logstash, Kibana) and Tanium. Familiarity with Enterprise ICS/network architectures and technologies. Proficient in SIEM solutions, including use case identification, creation, deployment, and tuning. Previous experience mentoring or coaching junior analysts. Knowledge of MITRE ATT&CK and Cyber Kill Chain frameworks. Skilled in maintaining Microsoft directory services and using virtualization software. Understanding of key security frameworks (e.g., ISO, NIST 800-53, 800-171, 800-172, C2M2). Excellent communication skills, particularly in writing Defense/Government documentation. Desirable Qualifications: Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent). SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent). Advanced Analyst Course (SANS SEC503 or equivalent). ADZN1_UKTJ