SIEM Engineer

Last year in the UK, 4 out of 10 small businesses were victims of a security breach, interrupting their work and causing them operational, reputational and financial damage.

At Invinsec, we think cyber security shouldn’t just be a luxury for large corporations, it should be accessible to all. If you agree, and want to make use of your SIEM expertise to help us in our mission to provide a world class security monitoring service, then this is the role for you.

Each day we receive millions of events from our customers, arriving to us from lots of different sources, in lots of different formats and with domain-specific information that changes all the time.

We need to take all that complexity and make it simple. Our content needs to tell a clear story, answering questions about our customers’ security posture but only revealing detail when and if it’s necessary.

You could be the alchemist that makes this happen. Working directly with our customers and SOC analysts, you will be responsible for implementing unique use cases on the BroadBot platform by:

  • Building dashboards and visualisations that help our stakeholders identify trends and spot potential indicators of compromise as quickly and efficiently as possible.
  • Parsing, classifying and enriching events so that meaningful analysis can be performed by both humans and automated tools (including those employing machine learning).
  • Developing complex rules that tie disparate events together to detect attacks as they unfold.
  • Integrating custom data sources, such as threat intelligence feeds and blacklists, to increase the severity and contextual awareness around an event.
  • Authoring data queries that filter out irrelevant events and surface those key to an investigation.
  • Helping automate reports and their delivery to the customer.
  • Tuning and improving existing content to reduce the number of false positives.
  • Considering the impact of new content on the performance of the system.

You’ll gain experience in and understanding of networking and security infrastructure. Content will be developed using Elastic’s tools (Elasticsearch, Logstash, Kibana, Beats) and our own secret sauce based on big data technologies such as Kafka and Flink. We’ll also provide the opportunity to do formal Elastic and/or Information Security training.


Your unique insight into the customer and the SOC will also mean you get to help shape the design of our internal tools and platform as we move forward.

To do all this, you’ll need to be:

  • A self-starter with a ‘can-do’ attitude, but happy to ask for clarification and help when its appropriate.
  • Resourceful and creative, especially when features are being developed under your feet!
  • Able to write comprehensive documentation suitable for its intended audience.
  • Experience with RegEx, Grok Filters, Elastic or Logstash would be advantageous.
  • Good at gathering requirements from the appropriate stakeholders and working with the technical team to identify an appropriate solution.

This role will be based in our Cheltenham office in Eagle Tower, with plenty of coffee shops and restaurants on our doorstep, and a short walk from the town centre. 

If you’re looking for a challenging role where you can make a real impact in the world, click apply.

Job location: Eagle Tower, Cheltenham, GL50 1TA