Role
* Lead the design, deployment and tuning of enterprise-grade SIEM platforms (e.g. Splunk, Azure Sentinel)
* Collaborate with stakeholders to define logging requirements, use cases, detection rules and dashboards
* Oversee integration of data sources from cloud, on-prem, endpoint, network and application layers
* Create and maintain detection rules, correlation logic and alerts tailored to specific threat scenarios
* Provide technical leadership and mentorship to team members
* Work closely with SOC teams to align SIEM capabilities with business objectives
* Conduct SIEM health checks, performance tuning and capacity planning
Skills
* Expertise in SIEM design, deployment and optimisation
* Hands-on expertise with one or more major SIEM platforms (e.g. Splunk, Sentinel)
* Deep understanding of log ingestion, parsing, normalisation and enrichment
* Strong grasp of MITRE ATT&CK framework, threat detection and alert logic
* Solid scripting/automation skills (e.g. Python, PowerShell, Bash)
* Experience with cloud logging and monitoring (e.g. AWS CloudTrail, Azure Monitor, GCP)
* Experience with threat modelling, cloud security or Identity and Access Management is desirable