
SIEM Architect

Job title

SIEM Architect

Job description

Duration : Until 31st March 2025

SC

As SIEM Architect you will suggest, implement or manage implementation of tactical and strategic improvements to the SIEM and associated components.

This will include the following areas:

1. SIEM Engineering and Architecture improvements:

- Document and socialise a shared responsibility model to increase buy-in for directorates to send log data to the CSOC (see also project work on convergence)

- Simplifying engineering complexity and automation features within the log farm

- Standardising collection tier components across directorate environments including possibly using Infrastructure as Code (IaC) approach

- Mature Splunk ES advanced data models

- Improve mapping of Splunk ES use cases to the framework

- Use case prioritisation and classification with a common Risk Based Alerting (RBA) approach

2. Strategic SIEM improvements:

- Wider use of SOAR for common analyst tasks

- Improvement to data enrichment practices to add context to incident response investigations

- Other project work including further SIEM convergence, dashboarding, log source monitoring

3. Quality assurance to improve the onboarding function and knowledge transfer

- Working with the MSP, make improvements to the onboarding process

- Quality checks and assurance of the Onboarding function

- Knowledge sharing of certain areas with the CSOC

Skills:

- SIEM Engineering and Architecture skills, specifically in Splunk SaaS
- A credible technology leader who can drive through technology and process change
- Good communication, reporting and presentation skills
- Full end-to-end experience of the delivery lifecycle for improvements
- Splunk SaaS experience and expertise as a lead architect and/or engineer
- Experience of defining improvements within Cyber departments, particularly SIEM improvements within Cyber Security Operations Centre (CSOC) functions that result in an increase in SIEM maturity levels
- Experience of the lifecycle of SIEM delivery, including convergence from other SIEMs

If you feel you have the skills and experience needed for this role, please apply now.
