SIEM Content Development Team Leader

Vodafone Newbury, England, United Kingdom Join us – at Vodafone, we’re shaping the future of connectivity and building a sustainable, inclusive world. Grow your career with a balance between work and life and make a real impact. What You’ll Do Lead the SIEM Content Development team to deliver cutting‑edge detection of security events in the Cyber Security Operations Centre. Own performance against Service Level Agreements and Key Performance Indicators, champion detection‑as‑code practices, automation and cross‑functional collaboration. Drive continuous improvement across multiple technologies Contribute to content development – optimal tuning and operation of threat and vulnerability management technologies Refine rules and logic within the Vodafone SIEM Collaborate with CSOC Principal Manager to improve security operations Execute security analysis to address current cyber threats Lead threat response – analyze blue‑team activity to identify threat group activity Deliver security reporting and advisories to key stakeholders Champion detection‑as‑code practices, version control, peer review and CI/CD pipelines for rule deployment Foster a culture of continuous learning and innovation – mentor, knowledge sharing, cross‑functional collaboration Partner with platform and engineering teams to ensure detection logic is scalable, resilient and aligned with infrastructure changes Deliver residual risk assessment – operational and technical lessons learned post‑incident analysis Collaborate with data owners and customers to translate data sources and use cases into actionable content Who You Are Minimum 2‑5 years experience in SIEM content (rule logic and code) development Experience in a Security Operations Centre (SOC) or similar environment Proven experience leading technical teams or line management and mentoring Experience collaborating with threat intelligence, incident response and platform engineering Hands‑on experience in security event analysis, SIEM/EDR rule creation and efficiency delivery Experience in threat modelling methodologies (STRIDE, PASTA or attack trees) Translate threat scenarios and intelligence into actionable detection logic and measurable outcomes Deep knowledge of IPv4/IPv6, TCP networking protocols Deep knowledge of Windows/Linux operating systems Exceptional working knowledge of security technologies – SIEM, EDR, IDS/IPS, firewalls, proxies, web application firewalls, anti‑virus Comprehensive understanding of Windows Security Event logs and Syslog Excellent familiarity with endpoint/perimeter security attack vectors and detection (blue/purple teaming) Excellent familiarity with standard security frameworks such as MITRE, cyber kill chain and APT campaign strategies Outstanding knowledge of cloud platforms – Azure, O365, Google Cloud, AWS, Oracle Excellent working knowledge of regular expression development Scripting and programming experience highly desirable Kusto or SQL knowledge, including rule/query optimisation Yara‑L knowledge, including rule/query optimisation Familiarity with detection‑as‑code tooling and practices (Git, CI/CD pipelines) Experience in security event analytics – Elastic, Azure Sentinel or Splunk Experience building or maturing security culture initiatives (awareness programs, gamified training, executive engagement) What's In It For You Yearly bonus: 10% Annual leave: 28 days + bank holidays + opportunity to buy/sell/carry over 5 days/year Charity days: 5 days/year Maternity leave: 52 weeks – first 13 weeks fully paid, 26 weeks half pay Private pension – contribute up to 5% basic pay with 2:1 matching from Vodafone up to 10% Access to private medical, private dental, free health assessments, share‑save scheme Additional discounts – Vodafone retail, gym, cinema, cycle‑to‑work, season ticket loan Who We Are We are a leading international Telco serving millions of customers. Vodafone believes connectivity is a force for good – improving people's lives and the world through technology, connecting everyone and protecting the planet. Belonging at Vodafone is lived, breathed and cultivated. You’ll join a global, diverse community of many different minds, abilities, backgrounds and cultures. We are committed to increasing diversity, ensuring equal representation and making Vodafone a place everyone feels safe, valued and included. If you require reasonable adjustments or have an accessibility request, refer to application‑adjustments for guidance. #J-18808-Ljbffr