SIEM Content Engineer

Invinsec are looking for a SIEM Content Developer to join their team! The job is to develop content on Invinsec’s BroadBot platform to support the SOC and to facilitate the visibility, detection, alerting and reporting of Cyber Security threats.

Each day we receive millions of events from our customers, arriving to us from lots of different sources, in lots of different formats and with domain-specific information that changes all the time.

We need to take all that complexity and make it simple. Our content needs to tell a clear story, answering questions about our customers’ security posture but only revealing detail when and if it’s necessary.

You could be the alchemist that makes this happen. Working directly with our customers and SOC analysts, you will be responsible for implementing unique use cases on the BroadBot platform by:

  • Building dashboards and visualisations that help our stakeholders identify trends and spot potential indicators of compromise as quickly and efficiently as possible.
  • Parsing, classifying and enriching events so that meaningful analysis can be performed by both humans and automated tools (including those employing machine learning).
  • Developing complex rules that tie disparate events together to detect attacks as they unfold.
  • Integrating custom data sources, such as threat intelligence feeds and blacklists, to increase the severity and contextual awareness around an event.
  • Authoring data queries that filter out irrelevant events and surface those key to an investigation.
  • Helping automate reports and their delivery to the customer.
  • Tuning and improving existing content to reduce the number of false positives.
  • Considering the impact of new content on the performance of the system.

You’ll gain experience in and understanding of networking and security infrastructure. Content will be developed using Elastic’s tools (Elasticsearch, Logstash, Kibana, Beats) and our own secret sauce based on big data technologies such as Kafka and Spark. We’ll also provide the opportunity to do formal Elastic and/or Information Security training.


Your unique insight into the customer and the SOC will also mean you get to help shape the design of our internal tools and platform as we move forward.

To do all this, you’ll need to be:

  • A self-starter with a ‘can-do’ attitude, but happy to ask for clarification and help when its appropriate.
  • Resourceful and creative, especially when features are being developed under your feet!
  • Able to write comprehensive documentation suitable for its intended audience.
  • Experience with RegEx, Grok Filters, Elastic or Logstash would be advantageous.
  • Good at gathering requirements from the appropriate stakeholders and working with the technical team to identify an appropriate solution.

This role will be based in our Cheltenham office in Eagle Tower, with plenty of coffee shops and restaurants on our doorstep, and a short walk from the town centre. 

If you’re looking for a challenging role where you can make a real impact in the world, click apply.

Job location: Eagle Tower, Cheltenham, GL50 1TA