SIEM Architect

4 weeks ago

City of London, United Kingdom | Matchtech | Full time
SIEM Architect
Remote working
Up to £800pd inside IR35
Security Clearance would be advantageous
We are looking for a SIEM/Splunk Architect to work with one of our Central government clients. As the SIEM Architect, you will be responsible for implementing or managing the implementation of tactical and strategic improvements to the SIEM and associated components.
Essential Skills:
The ideal candidates will hold active SC clearance and have a proven SIEM/Splunk architecture background, with the following skills and experience:
SIEM Engineering and Architecture skills, specifically in Splunk SaaS.
End-to-end experience of the delivery lifecycle for improvements.
Splunk SaaS experience and expertise as a lead architect and/or engineer
Experience of defining improvements within Cyber departments, particularly SIEM improvements within Cyber Security Operations Centre (CSOC) functions that result in an increase in SIEM maturity levels.
Experience of the lifecycle of SIEM delivery, including convergence from other SIEMs.
Requirements:
Document, and socialise, a shared responsibility model to increase buy-in for directorates to send log data to the CSOC (see also project work on convergence)
Simplifying engineering complexity and automation features within the log farm
Standardising collection tier components across directorate environments including possibly using Infrastructure as Code (IaC) approach
Mature Splunk ES advanced data models
Improve mapping of Splunk ES use cases to the MITRE ATT&CK framework
Use case prioritisation, and classification, with a common Risk Based Alerting (RBA) approach.
Strategic SIEM improvements, including wider use of SOAR for common analyst tasks and improvements to data enrichment practices to add context to incident response investigations
Quality assurance to improve the onboarding function and knowledge transfer