Security Engineer
Cheltenham, England, United Kingdom of Great Britain and Northern Ireland
Full Time
6 hours ago
Visa Sponsorship
Key skills
AWSAzureCloudITSMPythonSplunkAnalyticsIAMSaaS
About this role
Role Overview
- Engineer, operate, and optimize Microsoft Sentinel across one or more Log Analytics workspaces
- Ensure Sentinel reliability, scalability, performance, and cost efficiency
- Manage workspace architecture, retention, daily cap, and data tiering strategies
- Monitor Sentinel platform health, ingestion latency, connector failures, and query performance
- Design, build, and maintain scalable, highly available log ingestion pipelines
- Onboard and maintain data sources across cloud, on-prem, SaaS, and security tools
- Tune data quality, performance, and cost efficiency across the SIEM environment
- Develop and maintain integrations between the SIEM and security platforms
- Support M&A security onboarding by integrating acquired environments into the SIEM
- Implement monitoring, alerting, and health checks for SIEM infrastructure and data pipelines
- Troubleshoot ingestion, parsing, correlation, and performance issues impacting SOC visibility
- Automate repetitive SIEM operational tasks using scripting or platform-native capabilities
- Document SIEM architecture, data sources, standards, and operational runbooks
- Collaborate with cloud, infrastructure, and network teams to ensure complete and reliable telemetry coverage
Requirements
- 5+ years of experience in SIEM Engineering, Security Operations Engineering, or SOC Platform roles
- Strong hands-on experience with at least one enterprise SIEM platform (e.g., Splunk, Azure Sentinel, Elastic, QRadar)
- preference to candidates with MS Sentinel experience
- Deep understanding of log formats, schemas, parsing, normalization, and enrichment techniques
- Experience onboarding diverse log sources: cloud platforms, operating systems, applications, IAM, and security tools
- Strong troubleshooting skills for ingestion latency, parsing errors, dropped events, and performance bottlenecks
- Understanding of detection concepts, correlation logic, and SOC workflows
- Experience integrating SIEM with SOAR, EDR, ITSM, and threat intelligence platforms
- Familiarity with cloud environments (AWS and/or Azure) and cloud-native logging services
- Scripting experience (Python, SPL, KQL, or equivalent) to support automation and analysis
- Solid foundation in networking, authentication, and security fundamentals.
Tech Stack
- AWS
- Azure
- Cloud
- ITSM
- Python
- Splunk
Benefits
- Flexible at Broadridge
- Professional development opportunities