Security Engineer (SIEM)

Opening: Join the Mission

At ByDesign Secure, we design and deliver secure-by-default digital platforms for high‑assurance environments. We are currently building a new secure cloud platform based on Google Distributed Cloud (GDC) and are looking for a Security Engineer (SIEM) to lead the design and implementation of its security monitoring and observability capabilities.

This role offers the opportunity to build a SIEM capability from the ground up, influence security architecture decisions, and directly support SOC operations protecting critical public‑sector services.

About the Opportunity

As a Security Engineer (SIEM) at ByDesign Secure, you will be responsible for building and enhancing our security monitoring and detection capabilities across complex environments. You will design and maintain SIEM use cases, onboard and normalise data sources, and continuously tune detections to improve threat visibility and response.

Working closely with incident response and platform teams, you will turn security data into actionable insight, helping to strengthen detection coverage, reduce noise, and advance the organisation’s overall security maturity.

Role Purpose

As a Security Engineer, you will be responsible for designing, building, and operating the Security Information and Event Management (SIEM) and security observability stack for a new GDC‑based platform.

You will:

• Define how security logs, metrics, alerts, and telemetry are collected, processed, retained, and visualised.
• Establish a cloud‑native SIEM tool and monitoring capability.
• Integrate cloud‑native monitoring with existing on‑premise SOC tooling.
• Enable SOC analysts by providing reliable, actionable security insights.
• Work closely with cloud engineers, security architects, SOC teams, and external vendors to ensure the solution meets security, operational, and compliance requirements.

What You’ll Be Doing

SIEM Architecture & Design

• Work with security and solution architects to design the end‑to‑end SIEM architecture for a secure Google Distributed Cloud (GDC) environment.
• Define log, event and telemetry standards across platform, infrastructure, Kubernetes, and application layers.
• Decide which data sources are monitored locally versus forwarded to an existing on‑prem SIEM.

SIEM Implementation & Integration

• Deploy Elastic SIEM using standard or shared Kubernetes clusters where appropriate.
• Configure secure log forwarding from GDC components to an on‑prem SIEM over dedicated, encrypted network links.
• Integrate cloud audit logs, Kubernetes logs, workload logs, and security tooling into Elastic and on‑prem platforms.

Detection Engineering & SOC Enablement

• Implement detections‑as‑code, version‑controlled and automated through CI/CD pipelines.
• Create and tune detection rules, alerts, and dashboards for SOC analysts.
• Align detections with threat intelligence and playbooks (e.g. Mandiant‑aligned SOC workflows).

Observability & Troubleshooting

• Support monitoring of logs, metrics, and security signals to aid both security response and operational debugging.
• Enable Platform Admins and Application Operators to self‑serve diagnostics while maintaining security boundaries.

Documentation & Guidance

Produce clear guidance for:

• Platform Administrators configuring SIEM integrations
• Application teams onboarding workloads and logs
• SOC analysts using dashboards, alerts, and queries

Contribute to runbooks, operational procedures, and incident response documentation.

Security & Compliance

• Ensure logging and monitoring meet UK Government and high‑assurance security requirements.
• Support audits, assurance activities, and continuous improvement of the monitoring posture.

What You’ll Bring

Essential Skills & Experience

• Strong experience as a Security Engineer, Detection Engineer, or SIEM Engineer.
• Hands‑on experience designing or operating SIEM solutions in cloud or hybrid environments.
• Practical knowledge of Elastic SIEM / Elastic Stack, including:

1. Indexing and ingest pipelines
2. Detection rules and alerts
3. Dashboards and visualisations
4. Experience working with Kubernetes environments and their logging/monitoring patterns.
5. Familiarity with secure log forwarding, encryption, and network‑restricted environments.

• Ability to work closely with SOC teams and translate security requirements into technical implementations.

Cloud & Platform Knowledge

• Experience with Google Cloud Platform (GCP) or Google Distributed Cloud (GDC).
• Understanding of cloud audit logs, identity logs, and platform‑level telemetry.
• Experience deploying tools through cloud marketplaces or CI/CD pipelines.

Ways of Working

• Comfortable working in high‑assurance, regulated environments.
• Strong documentation and communication skills.
• Able to work independently and take ownership of complex security integrations.

Bonus Points For

• Existing UK Government Security Clearance (SC or above)
• Hands‑on experience with Elastic Cloud on Kubernetes (ECK).
• Experience implementing detections as code using Git, CI/CD, and infrastructure‑as‑code.
• Knowledge of threat frameworks.
• Familiarity with UK Government security standards and assurance processes

Clearance Requirements

This role requires either an existing Security Clearance (SC level) or for one to be passed before commencement. There must be a willingness to undergo Developed Vetting (DV).

Must hold UK Citizenship (due to Client Security Restrictions)

Work Location

Hybrid remote in London

Job Types

Temporary, Fixed term contract (Outside of IR35)

#J-18808-Ljbffr