Job Description
Role Overview
As a Managing Security Engineer, you will lead the design, documentation and installation of the security monitoring tools and platforms that feed data to the Sopra Steria Security Operational Centre (SOC) for analysis. Your role will be pivotal in ensuring that the correct tooling is in place so that we can protect and monitor our clients. You will collaborate with cross-functional teams to assess risks, design controls, and define testing requirements. Your leadership and expertise will be critical in fostering a strong culture of technology expertise and security by design across Sopra Steria. You will play a lead role in helping our clients understand their security challenges and then specify, plan and implement controls to improve their security posture.
This is a superb opportunity to continue developing your hands-on experience in the field of cybersecurity while contributing to the overall security posture of the organisation.
Key Responsibilities

Elastic (Elastic Stack / Elastic Security):
Hands-on with index lifecycle management (ILM), ingest pipelines, ECS mapping, transforms, and enrichment.
Experience designing and tuning detection rules (KQL, EQL), response actions, case workflows, and Elastic Security posture features.
Skilled in Fleet/Agent deployment, data stream design, and performance tuning at scale.

Splunk (Enterprise & ES):
Advanced SPL for correlation searches, data models (CIM), notable events, risk-based alerting (RBA), and accelerated data sets.
Proficient in TA/TAF configuration, props/transforms, parsing/line-breaking, and sourcetype normalisation.
Experience with KV store, summary indexing, search head clustering, indexer clustering, and deployment servers.

Data Pipeline Engineering:
Build and maintain robust log ingestion using collectors/agents (e.g., Elastic Agent, Beats, Splunk UF/HF, Syslog, Kafka).
Design schema strategy (ECS/CIM), enrichment (GeoIP, threat intel, asset/identity), and data quality controls (deduplication, null handling).
Implement data management, buffering, and throughput optimisation with clear RTO/RPO expectations.

Detection Engineering & Content Lifecycle:
Translate threat intel and TTPs (MITRE ATT&CK) into effective, low-noise rules across Elastic and Splunk.
Establish a content lifecycle: design → test (simulated events) → deploy → monitor → tune → retire, with versioning and rollback.
Apply RBA frameworks, thresholds, and contextual scoring to elevate signal fidelity.

Automation & Infrastructure-as-Code (IaC):
Use CI/CD to manage SIEM configurations (e.g., detection rules, dashboards, saved searches) as code.
Integrate orchestration (SOAR tooling, webhooks, Python) for automated enrichment and response.
Maintain repeatable environment builds with Terraform/Ansible and secure secrets handling.

Platform Operations & Reliability

Capacity planning & scaling: Forecast and right-size storage, CPU, memory, and IOPS; plan scale-out/scale-up; model ingestion growth and retention tiers.
High availability & resilience: Design and maintain multi-site clusters, site awareness, quorum health, DR runbooks, and tested backup/restore (Splunk: indexer/search head clustering; Elastic: cross-cluster replication/search, snapshot restore).
Performance & stability: Monitor and tune search concurrency, queue depth, indexing throughput, latency and backlog; enforce SLOs for ingestion and query performance; proactively remediate hotspots and noisy neighbours.