responsible for design and configuration of the protective monitoring capabilities. work with the SIEM Product Owner and SIEM Architect to ensure the smooth functioning of SIEM and SOC systems that provide detection capabilities within the Cyber Defence function. Configure the EDF managed SIEM correctly with appropriate data sources and keep the design collateral up to date. expertise in Microsoft Sentinel, Defender EDR, AWS, Azure, and cloud environments. Candidates must also have strong communication and stakeholder management skills. Remote working role - occasional monthly visit to offices in South West Build the SIEM alerting rule set that meets the requirement to alert SOC analysts to events of interest Ensure that the SIEM services operated by our partners are assured and integrate appropriately with systems Work with the Cyber Defence team leads to inform the tactical roadmap of SIEM products and services Work with IT teams to optimise logging from their systems to the SIEM with sufficient event data to support the alerting requirements. Align the SIEM use cases to a common framework (eg Mitre ATT&CK) to demonstrate coverage to the business. experience using, designing and configuring SIEM platform(s). collecting and reviewing data from multiple logging sources and ensuring suitable alerting and query rules are in place to explo...